How do I create a directory with multiple groups owning it using Puppet?
I would like to have users in 'group1' and 'group2' to all have access to the directory.
I tried the code below and it only grants ownership to group1.
file { [ "some/path1", "some/path2" ]:
ensure => directory,
owner => 'root',
group => ['group1', 'group2'],
mode => 0770,
}
As far as I know, the basic file type in Puppet only handles discretionary permissions that only allow for one group and one owner. It is a limitation of the underlying system.
Depending on your client's platform you can use ACLs to grant varied permissions to more than one group or user. To do this in Puppet you would have to use an Exec and invoke setfacl (if you were on Linux, for example) directly.
Puppet's file{} resource type only implement the Unix permissions, sometime known as User-Group-Other (UGO)... so only one group since Puppet does the same as chown, chgrp, chmod:
file { [ '/path/to/file' ]:
owner => 'root',
group => 'marketing',
mode => 0770,
ensure => directory,
}
There are many extra modules available to manage ACL with Puppet:
I use the puppet-acl. Here is an example :
acl {'/path/to/file' :
action => 'set',
permission => ['user::rwx',
'group::rwx',
'group:sales:rwx',
'mask::rwx',
'other::---',
'default:user::rwx',
'default:group:sales:rwx',
'default:group:marketing:rwx',
'default:mask::rwx',
'default:other::---'],
require => File['/path/to/file']
}
Side notes:
file{} and acl{} permissions for user: and group: and other: are consistent (otherwise the permission will balance at each puppet run).