This is an exciting and deep conversation, and very relevant to Mozilla's interests, as we've been struggling with the narrow pinhole of permissions that is mode.
The general concept that I would like to emphasize is that the puppet language has facilities for abstraction, and that can make conversations about conciseness of expression moot. If the fundamental type implementations are very granular (e.g., security descriptors and ACEs), the module itself can provide higher-level abstractions over those types for common uses, while allowing users to use the types directly for the more unusual cases. As regards the ability to specify ACEs for a particular path in different places: this reminds me of issues with group membership in POSIX, where it's difficult to add two different users, defined in different modules, to the same group. That's an unfortunate limitation that's difficult to work around with puppet abstractions, and it'd be great if this module didn't have similar issues. Dustin -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CAJtE5vQJvPnuCOts%2BMRm%3DzJkSiJ7X%2BO-TrvBOboq1X25H1qaRA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.