Given root can override the DACL, in the absence of SELinux, both commands could be run as root, no?
Anyway, I am happy to assume that there is some part of the cleanup process that requires running as the unprivileged user, and which is not about DACL overrides or whatever; filing a new feature request would be the next logic step here, so that we capture your needs. Until then, you are kind of stuck with something like using 'su' to change UID in one of the commands. Daniel On Sun, Jun 26, 2011 at 11:01, ssk1287 <kulkarni.swar...@gmail.com> wrote: > Consider the following scenario. > > I have a PROCESS 1 triggered by COMMAND 1 which is run by USER 1 that > creates a folder FOLDER 1 which is owned by the root as it should be > accessible to all users of the system. Now, before I run COMMAND 1, I > need to run a command COMMAND 2 that clean ups this FOLDER 1 that was > created during the previous run so as to have a fresh start. Since > FOLDER 1 is owned by root, I need to run COMMAND 2 as a root user but > my COMMAND 1 is run by USER 1. > > On Jun 25, 1:56 pm, Daniel Pittman <dan...@puppetlabs.com> wrote: >> Nope. If you feel strongly that there should be, you can drop in a >> feature request or submit a patch, and we would be happy to consider >> it. Generally, though, it seems like a very strange requirement. I >> can't imagine why you would need to do those operations as different >> users, although I absolutely believe you when you say that you do. >> >> It would be very helpful, so, if you could explain what the root cause >> of that need is. :) >> >> Daniel >> >> On Sat, Jun 25, 2011 at 06:54, ssk1287 <kulkarni.swar...@gmail.com> wrote: >> > That is exactly what I ended up using. Isn't there a more "puppetty" >> > way of doing this ? >> >> > On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com> wrote: >> >> Use su -c <cmd> user? >> >> -- >> >> Nathan Clemonshttp://www.livemocha.com >> >> The worlds largest online language learning communityOn Fri, Jun 24, 2011 >> >> at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote: >> >> > I have the following exec in my manifest : >> >> >> > exec { some_exec: >> >> > path => [ "/bin","/usr/bin","/usr/local/bin" ], >> >> > command => "EXECUTE COMMAND 1", >> >> > onlyif => "EXECUTE COMMAND 2", >> >> > logoutput => "on_failure" >> >> > } >> >> >> > I want that the "COMMAND 1" should be executed by "USER 1" and >> >> > "COMMAND 2" should be executed by "USER 2". Is there a way to do it ? >> >> > I tried giving the "users" parameter, but that seems to apply to both >> >> > the commands. >> >> >> > Thanks in advance, >> >> >> > -- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "Puppet Users" group. >> >> > To post to this group, send email to puppet-users@googlegroups.com. >> >> > To unsubscribe from this group, send email to >> >> > puppet-users+unsubscr...@googlegroups.com. >> >> > For more options, visit this group at >> >> >http://groups.google.com/group/puppet-users?hl=en. >> >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "Puppet Users" group. >> > To post to this group, send email to puppet-users@googlegroups.com. >> > To unsubscribe from this group, send email to >> > puppet-users+unsubscr...@googlegroups.com. >> > For more options, visit this group >> > athttp://groups.google.com/group/puppet-users?hl=en. >> >> -- >> ⎋ Puppet Labs Developer –http://puppetlabs.com >> ✉ Daniel Pittman <dan...@puppetlabs.com> >> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 >> ♲ Made with 100 percent post-consumer electrons > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman <dan...@puppetlabs.com> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
