Setting file level ACL


Corey Osman

Sep 27, 2011, 7:23:03 PM
to Puppet Users
How do I go about using puppet to set an ACL on a file? I did not see ACL support under the file type.

Has anybody done this before without using exec?

Example:

# Set ACL on directory
setfacl -R -d -m mask:007 /directory



Corey Osman




jcbollinger

Sep 28, 2011, 9:23:52 AM
to Puppet Users
The command you present as an example can have no Puppet equivalent
other than an Exec, because the state change it directs depends on the
current state of the resources it affects. Or looking at it from the
opposite direction, Puppet has no way to determine whether the
affected resources are already in the target state. That is not the
way Puppet works, except Exec.

If Puppet did support managing file ACLs then it would do so via the
File resource type. If you check that type you will find 'owner',
'group', and 'mode' properties, along with several pertinent to
SELinux; these are what you have to work with. There is also the
'recurse' property for extending the scope of a directory declaration
to all its contents, recursively, but it is likely to cause you
trouble if the files affected that way are many or collectively large.

It is conceivable that File could be extended to allow you to specify
an ACL, but manifests would need to specify the full ACL that was
desired, for application via 'setfacl --set' (NOT 'setfacl --modify').
It would be tricky to get this right because of the
overlap between such a property and File's other properties, but in
principle it could be done.


John
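
The full-ACL comparison described in the reply above, sketched as shell (an added example, not code from the thread or from Puppet): a target state is checkable only when the whole ACL is declared, so an entry added out of band shows up as drift, which 'setfacl --modify' would leave in place. The function names and the long-form entry syntax for the desired ACL are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Canonicalise an ACL: split comma-separated entries, drop getfacl comments
# ("# file: ..." headers, "#effective:" notes), trailing blanks, then sort.
normalize_acl() {
    tr ',' '\n' |
        sed -e 's/#.*$//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        LC_ALL=C sort -u
}

# acl_in_sync DESIRED CURRENT
# Returns 0 only when both describe exactly the same set of entries.
# Assumption: DESIRED uses the long form getfacl prints (user:, group:, ...).
acl_in_sync() {
    want=$(printf '%s\n' "$1" | normalize_acl)
    have=$(printf '%s\n' "$2" | normalize_acl)
    [ "$want" = "$have" ]
}

# ensure_acl PATH DESIRED
# Reads the live ACL and rewrites it with --set only when it has drifted.
ensure_acl() {
    current=$(getfacl --omit-header --absolute-names "$1") || return 2
    acl_in_sync "$2" "$current" && return 0
    setfacl --set "$2" "$1"
}
```

The comparison half is the kind of check an Exec's 'unless' would have to run before calling setfacl.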

Dennis Miller

Jun 18, 2014, 4:44:26 PM
to puppet...@googlegroups.com
Is this still not natively available within Puppet?

Trevor Vaughan

Jun 18, 2014, 9:33:28 PM
to puppet...@googlegroups.com
Hi John,

Not at this time. It was added to the Windows support so hopefully Linux isn't far behind!

Thanks,

Trevor


--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/863505b1-51d7-41fb-8c4c-d383406f45f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvau...@onyxpoint.com

-- This account not approved for unencrypted proprietary information --

Rob Reynolds

Jun 19, 2014, 9:43:23 AM
to puppet...@googlegroups.com
John,
 Please vote/comment on this issue: https://tickets.puppetlabs.com/browse/MODULES-962






--
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 20-24 in San Francisco
Register by July 31st to take advantage of the Early Bird discount save $249!

jcbollinger

Jun 20, 2014, 8:53:34 AM
to puppet...@googlegroups.com


On Thursday, June 19, 2014 8:43:23 AM UTC-5, Rob Reynolds wrote:
John,
 Please vote/comment on this issue: https://tickets.puppetlabs.com/browse/MODULES-962



I may do so, but I suppose you meant to say "Dennis" -- the person who called this thread back from the dead.


John

Rob Reynolds

Jun 20, 2014, 2:48:59 PM
to puppet...@googlegroups.com
You are correct. My bad. 

