menu

Questions & Answers

How to use a Puppet File Resource to give different permissions on a directory than to it's files?

I would like to use Puppet to manage a directory. I want the directory to be owned by user root and group admin, with 0770 permissions.

I would like all files in the directory to be owned by user apache and group admin with 0600 permissions.

I have yet to find a way to achieve this using the file resource in Puppet. I have tried using two resources like so:

file { 'phpsessions_files':
    path => '/var/phpsessions',
    ensure => directory,
    owner => 'apache',
    group => 'admin',
    mode => 0600,
    recurse => true,
    before => File['phpsessions_dir'],
}

file { 'phpsessions_dir':
    path => '/var/phpsessions',
    recurse => false,
    owner => 'root',
    group => 'admin',
    mode => 0770,
}

But I am not allowed to create two file resources to the same path and I can't see how to achieve what I want with just one resource.

Your help is much appreciated.

Answers(2) :

Create a define containing an exec to change the mode of the directory after it is recursed.

http://projects.puppetlabs.com/projects/1/wiki/File_Permission_Check_Patterns

Comments:
2023-01-23 23:52:06
How this will change the ownership of the file or directory which is already set by puppet file type ? If you try to change it via exec, the rules will be non-convergent.
2023-01-23 23:52:06
Good point. My fault, didn't notice the ownership change. Maybe add another exec to the define ensure that ownership is set correctly.
2023-01-23 23:52:06
That won't do either. You have to add a function that will loop over all the files and subdirectories inside the parent one to change the permissions and ownerships.
2023-01-23 23:52:06
sadly Puppetlabs shut the wiki down. link still in the archive.org though web.archive.org/web/20160401113847/http://…

To the best of my knowledge this is not possible in puppet. i would manage only the following

  file { 'phpsessions_dir':
      path => '/var/phpsessions',
      recurse => false,
      owner => 'root',
      group => 'admin',
      mode => 0770,
  }

php/apache should create the files within this folder with the correct permissions, If they don't fix that in php.ini. If you are worried that something else is gonna come along and change the permissions then fall back to a cron job or better yet a systemd.timer to periodicity check and correct them