5

I would like to use Puppet to manage a directory. I want the directory to be owned by user root and group admin, with 0770 permissions.

I would like all files in the directory to be owned by user apache and group admin with 0600 permissions.

I have yet to find a way to achieve this using the file resource in Puppet. I have tried using two resources like so:

file { 'phpsessions_files':
    path => '/var/phpsessions',
    ensure => directory,
    owner => 'apache',
    group => 'admin',
    mode => 0600,
    recurse => true,
    before => File['phpsessions_dir'],
}

file { 'phpsessions_dir':
    path => '/var/phpsessions',
    recurse => false,
    owner => 'root',
    group => 'admin',
    mode => 0770,
}

But I am not allowed to create two file resources to the same path and I can't see how to achieve what I want with just one resource.

Your help is much appreciated.

Gabe
  • 1,078
  • 1
  • 11
  • 17

2 Answers2

0

Create a define containing an exec to change the mode of the directory after it is recursed.

http://projects.puppetlabs.com/projects/1/wiki/File_Permission_Check_Patterns

ptierno
  • 9,534
  • 2
  • 23
  • 35
  • How this will change the ownership of the file or directory which is already set by puppet file type ? If you try to change it via exec, the rules will be non-convergent. – iamauser Aug 20 '13 at 14:23
  • Good point. My fault, didn't notice the ownership change. Maybe add another exec to the define ensure that ownership is set correctly. – ptierno Aug 20 '13 at 14:35
  • That won't do either. You have to add a function that will loop over all the files and subdirectories inside the parent one to change the permissions and ownerships. – iamauser Aug 20 '13 at 16:46
  • 2
    sadly Puppetlabs shut the wiki down. link still in the archive.org though http://web.archive.org/web/20160401113847/http://projects.puppetlabs.com/projects/1/wiki/File_Permission_Check_Patterns – Vagnerr Oct 19 '16 at 13:16
0

To the best of my knowledge this is not possible in puppet. i would manage only the following 

  file { 'phpsessions_dir':
      path => '/var/phpsessions',
      recurse => false,
      owner => 'root',
      group => 'admin',
      mode => 0770,
  }

php/apache should create the files within this folder with the correct permissions, If they don't fix that in php.ini. If you are worried that something else is gonna come along and change the permissions then fall back to a cron job or better yet a systemd.timer to periodicity check and correct them

balder
  • 734
  • 5
  • 12