authorPeter Meier <peter.meier@immerda.ch>2011-06-23 13:37:03 +0200
committerPeter Meier <peter.meier@immerda.ch>2011-06-23 13:57:09 +0200
commitb9e33c4e6b42c9e35e0db6c1494dafc4a4c5f07e (patch)
tree0e1eee50dbc91fef9335d1ad6a5f65206ad551da
parent45dfa6984cb185afc85c183152fbc6c2837e1345 (diff)
finish work for unpriviledged user
To be able to use the module as an unprivileged user we need to adjust certain things: * only enforce the run user and group if we are root and can actually change the user * set owner/group of our files and directories to our own user/group * place the concat script in a location we can write -> use the concat dir for that.
-rw-r--r--manifests/fragment.pp2
-rw-r--r--manifests/init.pp24
-rw-r--r--manifests/setup.pp13
3 files changed, 23 insertions, 16 deletions
diff --git a/manifests/fragment.pp b/manifests/fragment.pp
index 7afc4c0..1fb4128 100644
--- a/manifests/fragment.pp
+++ b/manifests/fragment.pp
@@ -13,7 +13,7 @@
# - group Owner of the file
# - backup Controls the filebucketing behavior of the final file and
# see File type reference for its use. Defaults to 'puppet'
-define concat::fragment($target, $content='', $source='', $order=10, $ensure = "present", $mode = 0644, $owner = root, $group = $concat::setup::root_group, $backup = "puppet") {
+define concat::fragment($target, $content='', $source='', $order=10, $ensure = "present", $mode = 0644, $owner = $id, $group = $concat::setup::root_group, $backup = "puppet") {
$safe_name = regsubst($name, '/', '_', 'G')
$safe_target_name = regsubst($target, '/', '_', 'G')
$concatdir = $concat::setup::concatdir
diff --git a/manifests/init.pp b/manifests/init.pp
index 3a17346..19d91a1 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -44,9 +44,9 @@
#
# DETAIL:
# We use a helper shell script called concatfragments.sh that gets placed
-# in /usr/local/bin to do the concatenation. While this might seem more
-# complex than some of the one-liner alternatives you might find on the net
-# we do a lot of error checking and safety checks in the script to avoid
+# in <Puppet[:vardir]>/concat/bin to do the concatenation. While this might
+# seem more complex than some of the one-liner alternatives you might find on
+# the net we do a lot of error checking and safety checks in the script to avoid
# problems that might be caused by complex escaping errors etc.
#
# LICENSE:
@@ -87,7 +87,7 @@
# ALIASES:
# - The exec can notified using Exec["concat_/path/to/file"] or Exec["concat_/path/to/directory"]
# - The final file can be referened as File["/path/to/file"] or File["concat_/path/to/file"]
-define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group, $warn = "false", $force = "false", $backup = "puppet", $gnu = "true", $order="alpha") {
+define concat($mode = 0644, $owner = $id, $group = $concat::setup::root_group, $warn = "false", $force = "false", $backup = "puppet", $gnu = "true", $order="alpha") {
$safe_name = regsubst($name, '/', '_', 'G')
$concatdir = $concat::setup::concatdir
$version = $concat::setup::majorversion
@@ -126,7 +126,7 @@ define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group
}
File{
- owner => root,
+ owner => $id,
group => $group,
mode => $mode,
backup => $backup
@@ -164,13 +164,17 @@ define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group
}
exec{"concat_${name}":
- user => root,
- group => $group,
notify => File[$name],
subscribe => File[$fragdir],
alias => "concat_${fragdir}",
- require => [ File["/usr/local/bin/concatfragments.sh"], File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ],
- unless => "/usr/local/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
- command => "/usr/local/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
+ require => [ File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ],
+ unless => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
+ command => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
+ }
+ if $id == 'root' {
+ Exec["concat_${name}"]{
+ user => root,
+ group => $group,
+ }
}
}
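Review bot: The new `require` list on `exec{"concat_${name}"` no longer names the helper script, so nothing in this hunk explicitly orders the exec after `${concat::setup::concatdir}/bin/concatfragments.sh` has been written. Ordering now appears to rest on exec autorequire of the command path, which should be confirmed for every supported Puppet version and for `unless` as well as `command`. Keeping the dependency explicit avoids that assumption: `require => [ File["${concat::setup::concatdir}/bin/concatfragments.sh"], File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ],`. The `concat` define begins above this hunk, so the values of `$fragdir` and the flag variables are not visible here.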
diff --git a/manifests/setup.pp b/manifests/setup.pp
index 5b3ad26..53092ab 100644
--- a/manifests/setup.pp
+++ b/manifests/setup.pp
@@ -13,12 +13,15 @@
#
# It also copies out the concatfragments.sh file to /usr/local/bin
class concat::setup {
- $root_group = 0
+ $root_group = $id ? {
+ root => 0,
+ default => $id
+ }
$concatdir = $concat_basedir
$majorversion = regsubst($puppetversion, '^[0-9]+[.]([0-9]+)[.][0-9]+$', '\1')
- file{"/usr/local/bin/concatfragments.sh":
- owner => root,
+ file{"${concatdir}/bin/concatfragments.sh":
+ owner => $id,
group => $root_group,
mode => 755,
source => $majorversion ? {
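Review bot: The `default => $id` branch of the new `$root_group` selector uses a user name as the group, which only works where a group of the same name exists. On hosts whose users share a primary group such as `users` or `staff`, the file resources that set `group => $root_group` would presumably fail to apply. A fact or variable carrying the real primary group would be safer, if one is available in the supported Facter versions. Separately, the context comment `# It also copies out the concatfragments.sh file to /usr/local/bin` is now stale and should read `# It also copies out the concatfragments.sh file to ${concatdir}/bin`. The class body continues past this hunk.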
@@ -26,9 +29,9 @@ class concat::setup {
default => "puppet:///modules/concat/concatfragments.sh"
};
- $concatdir:
+ [ $concatdir, "${concatdir}/bin" ]:
ensure => directory,
- owner => root,
+ owner => $id,
group => $root_group,
mode => '0750';
}
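Review bot: With the helper now installed under `${concatdir}/bin` and still run with `user => root` when `$id == 'root'`, the script's integrity depends on where `$concat_basedir` points, which nothing in this hunk constrains. The two directories get the owning user and mode `0750`, but that does not protect them if an ancestor of `$concatdir` is writable by another account; /usr/local/bin did not carry that dependency. I would document the requirement above the directory resource, e.g. `# $concat_basedir must live under a path writable only by the user running puppet; concatfragments.sh is executed from ${concatdir}/bin`.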