FAQ
Hi,

I have just published the module I use to manage POSIX ACLs : fooacl

I don't consider it the cleanest possible approach to the problem, but
it's very efficient and flexible. I would actually call it a hack :-)

There's room for improvement, such as splitting out Execs per managed
path to avoid useless re-applying on unchanged paths, or using file
snippets without concat to avoid depending on that module. Pull
requests are more than welcome :-)

I'll publish it to the forge shortly, too.

https://github.com/thias/puppet-fooacl

Short extract of the README :

--
Most (all?) other ACL modules implement a type which can be declared
only once per file, which isn't flexible. This module takes the unusual
approach of creating a single large concatenated script to manage all
ACLs recursively in a single run. Ugly, yet very efficient and flexible
since ACLs aren't tied to the file type in any way.

Features :

  * Set ACLs for the same path from different parts of your puppet
    manifests (flexible).
  * Set global ACL permissions to be applied for all paths managed by
    the module (flexible).
  * Automatic purging of ACLs on paths as long as at least one ACL is
    still being applied by the module (remove users easily and
    reliably).
  * Automatic setting of both normal and default ACLs to the same values
    (shortens declarations, increases code readability).
--

Feedback welcome!

Matthias

--
             Matthias Saou ██ ██
                                              ██ ██
Web: http://matthias.saou.eu/ ██████████████
Mail/XMPP: matthias@saou.eu ████ ██████ ████
                                        ██████████████████████
GPG: 4096R/E755CC63 ██ ██████████████ ██
      8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
      21A9 7A51 7B82 E755 CC63 ████ ████

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131217121020.26ae07e9%40r2d2.marmotte.net.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Jcbollinger at Dec 17, 2013 at 2:59 pm

    On Tuesday, December 17, 2013 5:10:20 AM UTC-6, Matthias Saou wrote:
    Hi,

    I have just published the module I use to manage POSIX ACLs : fooacl

    I don't consider it the cleanest possible approach to the problem, but
    it's very efficient and flexible. I would actually call it a hack :-)
    But cool, nonetheless. It has many of the features I would hope to see in
    such a module.


    There's room for improvement, such as splitting out Execs per managed
    path to avoid useless re-applying on unchanged paths, or using file
    snippets without concat to avoid depending on that module.
    Or a way to detect and reject inconsistent ACL entry declarations. Or a
    way to leave unmanaged ACL entries alone while managing other entries in
    the same files' ACLs. Even with a few holes, though, it's still better
    than anything else I'm aware of in that space. Nice work!


    John

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6866899a-da3c-4a10-842d-77c2f9541a77%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedDec 17, '13 at 11:10a
activeDec 17, '13 at 2:59p
posts2
users2
websitepuppetlabs.com

2 users in discussion

Matthias Saou: 1 post Jcbollinger: 1 post

People

Translate

site design / logo © 2022 Grokbase