On Monday, October 28, 2013 2:55:32 AM UTC-5, Klavs Klavsen wrote:
>
>
>
> Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds:
>
[...]
> The format could look something like the following:
>>
>> acl { 'c:/windows/temp/tempfile.txt':
>> ensure => present,
>> permissions => {
>> 'Administrators' => ['full']
>> 'bob' => ['mwrx'],
>> 'SomeDomain\Lisa' => [x10000000,'allow','inherit','one_level'],
>> 'S-5-1-18' => ['wrx','deny','inherit_objects_only','inherit_only']
>> },
>> }
>>
>> acl { 'c:/windows/temp/locked_dir':
>> ensure => exact,
>>
>>
> That one throws me.. ensure exact? I would expect 'exact' to be the same
> as 'present' (which in thise case is kinda odd wording- but so is exact..
> who would want puppet to "almost" ensure something?
>
I think Klavs has an excellent point there. After some consideration, I
think I understand what 'exact' is supposed to mean -- that the ACL should
contain the specified entries *and no others* -- but the perceived need for
such a thing suggests that the proposed model is too high level. Instead
of wrapping everything up into a single Acl resource type, I think you need
a resource type for individual ACEs. That would also allow you to ensure
some specific entries present in and some others absent from the same ACL,
without requiring that all wanted entries be enumerated. A model inspired
by the Concat module might be suitable.
Note too that in the Puppet universe, a parameter or value indicating that
unmanaged resources should be removed is conventionally spelled "purge" or
"purged".
Additionally, although POSIX ACEs are unordered, it is my understanding
that the order of ACEs within a Windows ACL is significant. If that is
indeed correct then I don't see how the proposed model accounts for it.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
