the issues with thias/fooacl: filesystem ACL

[Sans]

Hi there,

Is anyone using thias/fooacl module? I use it for WordPress, to give www-data read access to wp-config.php and few other files. Every time puppet runs, the file becomes unreadable:

# file: wp-config.php
# owner: root
# group: root
user::r--
user:www-data:r--       #effective:---
group::---
mask::---
other::---

eventually breaking the whole site. Any idea why that's happening? And/or how can I fix that? Really appreciate any help on this.

-San

[Ken Lareau]

If the file changes, fooacl on its own won't notice the change and won't reset the ACLs.  You need to notify the class to ensure it does catch this.  We have something like this for ours that we put after the fooacl resource:

File[<filename>] ~> Class['::fooacl']

Hopefully this helps.

--

Ken Lareau

[Sans]

On Friday, May 20, 2016 at 1:21:24 AM UTC+1, Ken Lareau wrote:

 

If the file changes, fooacl on its own won't notice the change and won't reset the ACLs.  You need to notify the class to ensure it does catch this.  We have something like this for ours that we put after the fooacl resource:

File[<filename>] ~> Class['::fooacl']

Hopefully this helps.

I have something similar but is it actually directly related to the issue I described? I have this:

concat { "${wp_root}/wp-config.php":
    mode        => '0400',
    require     => Wpcli::Core::Download["download_wordpress_${title}"],
    notify      => Class['::fooacl'],
}
 
fooacl::conf { "allow_${wordpress::wp_owner}_wp_config_${title}":
    target      => "${wp_root}/wp-config.php",
    permissions => [ "user:${wordpress::wp_owner}:r" ],
    require     => Concat[ "${wp_root}/wp-config.php" ],
}

I cannot figure out if there is fundamentally wrong with this or not. Any suggestions?

-San