I have just published the module I use to manage POSIX ACLs : fooacl
I don't consider it the cleanest possible approach to the problem, but
it's very efficient and flexible. I would actually call it a hack :-)
There's room for improvement, such as splitting out Execs per managed
path to avoid useless re-applying on unchanged paths, or using file
snippets without concat to avoid depending on that module. Pull
requests are more than welcome :-)
I'll publish it to the forge shortly, too.
Short extract of the README :
Most (all?) other ACL modules implement a type which can be declared
only once per file, which isn't flexible. This module takes the unusual
approach of creating a single large concatenated script to manage all
ACLs recursively in a single run. Ugly, yet very efficient and flexible
since ACLs aren't tied to the file type in any way.
* Set ACLs for the same path from different parts of your puppet
* Set global ACL permissions to be applied for all paths managed by
the module (flexible).
* Automatic purging of ACLs on paths as long as at least one ACL is
still being applied by the module (remove users easily and
* Automatic setting of both normal and default ACLs to the same values
(shortens declarations, increases code readability).
Matthias Saou ██ ██
Web: http://matthias.saou.eu/ ██████████████
Mail/XMPP: email@example.com ████ ██████ ████
GPG: 4096R/E755CC63 ██ ██████████████ ██
8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
21A9 7A51 7B82 E755 CC63 ████ ████
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firstname.lastname@example.org.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131217121020.26ae07e9%40r2d2.marmotte.net.
For more options, visit https://groups.google.com/groups/opt_out.