jadestorm / puppet-fooacl

This project forked from stepping-stone/puppet-fooacl


Puppet POSIX ACLs module

License: Other

Puppet 61.86% Shell 9.99% HTML 27.44% Pascal 0.71%


puppet-fooacl

Overview

Manage POSIX filesystem ACLs with Puppet.

Most (all?) other ACL modules implement a type which can be declared only once per file, which isn't flexible. This module takes the unusual approach of creating a single large concatenated script to manage all ACLs in a single run. Ugly, yet very efficient and flexible since ACLs aren't tied to the file type in any way.

Features :

  • Set ACLs for the same path from different parts of your puppet manifests (flexible).
  • Set global ACL permissions to be applied for all paths managed by the module (flexible).
  • Automatic purging of ACLs on paths as long as at least one ACL is still being applied by the module (remove users easily and reliably).
  • By setting default_acls => true, a default ACL entry will be created for each specified permission.

Limitations :

  • No purging once paths are no longer being managed by the module.
  • Any ACL change triggers re-applying all ACLs (fine for a few thousand files, but typically an issue for millions of files).

Module content :

  • fooacl : Class to start managing ACLs with the module (fooacl::conf automatically includes it).
  • fooacl::conf: Definition to manage ACLs configuration.

Examples

A typical declaration from anywhere in your puppet manifests :

fooacl::conf { '/var/www/www.example.com':
  permissions => [
    'user:userA:rwX',
    'user:userB:rwX',
    'user:userX:r-X',
  ],
}

From anywhere else, you may set more ACLs for the same /var/www/www.example.com directory as long as you don't use the same $title (that would cause a duplicate declaration), so you would do :

fooacl::conf { 'www.example.com-other-team':
  target      => '/var/www/www.example.com',
  permissions => [
    'user:userC:rwX',
    'user:userY:r-X',
  ],
}

Parameter requirements :

  • If $target is not specified, $title must be the target.
  • If $target is specified, as a directory or an array of directories, $title is ignored (this makes it possible to work around duplicate declarations).
  • The special $title of 'default' will apply permissions to all directories managed by this module on the node. Useful for global access on certain nodes.

If you need to order some of your resources with the execution of the script contained in the module (e.g. refresh when you modify uid or gid values), use :

foo { 'bar':
  ...
  notify => Class['::fooacl'],
}

More advanced example :

# Global webmasters
fooacl::conf { 'default':
  permissions => [
    'user:userA:rwX',
    'user:userB:rwX',
  ],
}
# Frontend website webmasters
fooacl::conf { 'frontend':
  target => [
    '/var/www/frontend.example.com',
    '/var/www/frontend.example.org',
  ],
  permissions => [
    'user:userX:rwX',
    'user:userY:rwX',
  ],
}
# Backend website webmasters
fooacl::conf { 'backend':
  target => [
    '/var/www/backend.example.com',
    '/var/www/backend.example.org',
  ],
  permissions => [
    'user:userZ:rwX',
  ],
}
# Some configuration file
fooacl::conf { 'configuration':
  target => [
    '/etc/nginx/sites-available/backend.example.com.conf',
    '/etc/nginx/sites-available/backend.example.org.conf',
  ],
  permissions => [
    'user:userZ:rwX',
  ],
  recursive => false,
}
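
Because ACLs for one path can come from several declarations plus the global 'default', it helps to review the merged result per user. The following is an added example, not part of the module: a Python model of the merge rules described in this README, with the declarations above re-typed in an assumed dict layout, and assuming 'default' reaches every managed path, files included.

```python
# Added illustration: models the merge rules this README describes.
# It is not the module's code; the dict layout below is an assumption.
from collections import defaultdict

WWW, NGX = "/var/www/", "/etc/nginx/sites-available/"
# Constructed input mirroring the "More advanced example" declarations.
DECLARATIONS = {
    "default": {"permissions": ["user:userA:rwX", "user:userB:rwX"]},
    "frontend": {
        "target": [WWW + "frontend.example.com", WWW + "frontend.example.org"],
        "permissions": ["user:userX:rwX", "user:userY:rwX"],
    },
    "backend": {
        "target": [WWW + "backend.example.com", WWW + "backend.example.org"],
        "permissions": ["user:userZ:rwX"],
    },
    "configuration": {
        "target": [NGX + "backend.example.com.conf",
                   NGX + "backend.example.org.conf"],
        "permissions": ["user:userZ:rwX"],
    },
}


def effective_acls(declarations):
    """Merge every declaration into {path: sorted ACL entries}."""
    per_path = defaultdict(set)
    for title, conf in declarations.items():
        if title == "default":
            continue
        targets = conf.get("target", title)  # no target: the title is the path
        for path in [targets] if isinstance(targets, str) else targets:
            per_path[path].update(conf["permissions"])
    for entries in per_path.values():  # 'default' applies to every managed path
        entries.update(declarations.get("default", {}).get("permissions", []))
    return {path: sorted(entries) for path, entries in per_path.items()}


def writable_by(acls):
    """Invert the view: {principal: sorted paths where it holds 'w'}."""
    access = defaultdict(list)
    for path, entries in sorted(acls.items()):
        for entry in entries:
            principal, _, bits = entry.rpartition(":")
            if "w" in bits:
                access[principal].append(path)
    return dict(access)
```

Under that assumption, `writable_by(effective_acls(DECLARATIONS))` shows that userA and userB, granted through 'default', also end up with write access to the two nginx configuration files.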

Debugging

You can set the module's fooacl_noop parameter globally using Hiera :

---
fooacl::fooacl_noop: true

After that, the /usr/local/sbin/fooacl script will still get updated but won't be run automatically.

Contributors

ctoa, lloy0076, ncstate-daniel, slashbunny, sst-yde, thias, vincentbernat
