On Monday, October 28, 2013 4:07:55 PM UTC-5, Rob Reynolds wrote:
>
>
>
>
> On Mon, Oct 28, 2013 at 2:59 PM, John Bollinger
> <john.bo...@stjude.org<javascript:>
> > wrote:
>
>>
>> Moreover, if ACEs are separate resources then they can be decentralized.
>> Suppose, for instance, that a module managing some application needs to
>> create a local user and grant that user permissions to access some system
>> directory. All is good if it can just drop an appropriate ACE in place,
>> but it's an awful mess if the module needs to manage a whole ACL of a
>> directory that doesn't belong to it. Especially so when you consider that
>> no resource can be declared more than once.
>>
>
>
> How would this model look? Noting that last items about a resource being
> declared more than once.
>
>
The application module in question would simply declare the needed Ace
resource(s). We're talking about permissions for a user belonging to the
module, so there should be no conflict with any other module. Such an ACE
resource might look like my previous example:
ace { 'my_app_user/some_dir':
identity => 'my_app_user',
file => 'c:/windows/temp/some_dir',
priority => 100,
rights => 'modify',
type => 'allow'
}
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/0a600829-4d42-4a80-bcd6-e9d3889d0b45%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
