On Sep 27, 6:23 pm, Corey Osman <[email protected]> wrote:
> How do I go about using puppet to set an ACL on a file? I did not see ACL
> support under the file type.
>
> Has anybody done this before without using exec?
>
> Example:
>
> # Set ACL on directory
> setfacl -R -d -m mask:007 /directory

The command you present as an example can have no Puppet equivalent other than an Exec, because the state change it directs depends on the current state of the resources it affects. Or looking at it from the opposite direction, Puppet has no way to determine whether the affected resources are already in the target state. That is not the way Puppet works, except Exec.

If Puppet did support managing file ACLs then it would do so via the File resource type. If you check that type you will find 'owner', 'group', and 'mode' properties, along with several pertinent to SELinux; these are what you have to work with. There is also the 'recurse' property for extending the scope of a directory declaration to all its contents, recursively, but it is likely to cause you trouble if the files affected that way are many or collectively large.

It is conceivable that File could be extended to allow you to specify an ACL, but manifests would need to specify the full ACL that was desired, for application via 'setfacl --set' (NOT 'setfacl --modify'). It would be tricky to get this right because of the overlap between such a property and File's other properties, but in principle it could be done.

John
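Added example, not part of the original thread or of Puppet: a shell sketch of the "full ACL" approach the reply describes, where the current ACL is compared with the complete desired ACL and `setfacl --set` runs only on a mismatch. The function names, the user `alice` and the sample ACL text are constructed for illustration; the desired ACL is assumed to be written in long form (`user::`, `group::`, `mask::`, `other::`) with an explicit mask so it can be compared with `getfacl` output.

```shell
#!/bin/sh
# normalize_acl: read ACL text on stdin (getfacl output or a comma-separated
# spec) and print one entry per line, sorted, with comments such as
# "# file: ..." and "#effective:..." annotations and blank lines removed.
normalize_acl() {
    tr ',' '\n' | sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' | sort
}

# acl_in_sync DESIRED CURRENT: succeed only when both describe the same
# complete set of entries. An extra entry in CURRENT counts as drift, which
# an additive 'setfacl --modify' would never remove.
acl_in_sync() {
    [ "$(printf '%s\n' "$1" | normalize_acl)" = \
      "$(printf '%s\n' "$2" | normalize_acl)" ]
}

# ensure_acl PATH DESIRED: converge PATH to exactly DESIRED and report
# whether anything changed, so a second run is a no-op.
ensure_acl() {
    path=$1
    desired=$2
    current=$(getfacl --omit-header --absolute-names -- "$path") || return 2
    if acl_in_sync "$desired" "$current"; then
        echo "unchanged: $path"
    else
        setfacl --set "$desired" -- "$path" && echo "updated: $path"
    fi
}

# Usage (requires the acl tools and a filesystem mounted with ACL support):
#   ensure_acl /directory 'user::rwx,user:alice:r-x,group::r-x,mask::r-x,other::---'
```

Used from an Exec, `acl_in_sync` fed with `getfacl` output is the kind of check an `unless` guard would perform, which gives Puppet the "already in the target state" test that the reply says a bare `setfacl -m` lacks.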
