Hi, I have just published the module I use to manage POSIX ACLs : fooacl
I don't consider it the cleanest possible approach to the problem, but it's very efficient and flexible. I would actually call it a hack :-) There's room for improvement, such as splitting out Execs per managed path to avoid useless re-applying on unchanged paths, or using file snippets without concat to avoid depending on that module. Pull requests are more than welcome :-) I'll publish it to the forge shortly, too. https://github.com/thias/puppet-fooacl Short extract of the README : -- Most (all?) other ACL modules implement a type which can be declared only once per file, which isn't flexible. This module takes the unusual approach of creating a single large concatenated script to manage all ACLs recursively in a single run. Ugly, yet very efficient and flexible since ACLs aren't tied to the file type in any way. Features : * Set ACLs for the same path from different parts of your puppet manifests (flexible). * Set global ACL permissions to be applied for all paths managed by the module (flexible). * Automatic purging of ACLs on paths as long as at least one ACL is still being applied by the module (remove users easily and reliably). * Automatic setting of both normal and default ACLs to the same values (shortens declarations, increases code readability). -- Feedback welcome! Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██████████████ Mail/XMPP: matth...@saou.eu ████ ██████ ████ ██████████████████████ GPG: 4096R/E755CC63 ██ ██████████████ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 ████ ████ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131217121020.26ae07e9%40r2d2.marmotte.net. For more options, visit https://groups.google.com/groups/opt_out.