Puppet: System Administration Automated

File Permissions Check Recipe

Problem

I create some files on each server in my home dir. They're downloaded from the puppetmaster. But some files or directories need other permissions. Now consider the following:

file { "/home/donkey":
  recurse => true,
  owner => "donkey",
  group => "fearme",
  source => "puppet://puppet/home/donkey",
  backup => false,
  require => User["donkey"]
}

file { "/home/donkey/.ssh":
  mode => 700,
}

This won't work, because .ssh will not be downloaded. It is managed by the second resource, which says nothing about a source to download from.

Solution

Consider the following definition:

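# Run chmod only when the current mode differs from $mode.
# Pass $mode without a leading zero (700, not 0700): stat -c %a prints none,
# and the guard is a plain string comparison.
define check_mode($mode) {
  exec { "/bin/chmod $mode $name":
    # "=" is the POSIX test operator; "==" fails when /bin/sh is dash
    unless => "/bin/sh -c '[ $(/usr/bin/stat -c %a $name) = $mode ]'",
  }
}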

Now we can fix it! Like so:

# Change permissions on .ssh
check_mode { "/home/donkey/.ssh":
  mode => 700,
}
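
The guard that check_mode relies on, written out as a stand-alone POSIX sh function so it can be tested outside Puppet. This is an added example, not part of the original recipe. It goes slightly beyond the define by normalizing a leading zero in the mode and refusing symlinks. The function names are hypothetical, and GNU stat is assumed, as in the recipe.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from the recipe.

# normalize_mode MODE -> prints MODE without leading zeros ("0700" -> "700"),
# matching what `stat -c %a` prints. Fails unless MODE is 3-4 octal digits.
normalize_mode() {
    case "$1" in
        ''|*[!0-7]*) return 1 ;;
    esac
    [ "${#1}" -ge 3 ] && [ "${#1}" -le 4 ] || return 1
    m=$1
    while [ "${#m}" -gt 1 ] && [ "${m#0}" != "$m" ]; do
        m=${m#0}
    done
    printf '%s\n' "$m"
}

# check_mode PATH MODE -> prints "changed" or "unchanged"; returns 2 on error.
check_mode() {
    path=$1
    want=$(normalize_mode "$2") || { echo "bad mode: $2" >&2; return 2; }
    # chmod follows symlinks, so refuse them instead of changing the target.
    if [ -L "$path" ] || [ ! -e "$path" ]; then
        echo "missing path or symlink: $path" >&2
        return 2
    fi
    have=$(stat -c %a -- "$path") || return 2
    # "=" is the portable string comparison; "==" is an error in dash.
    if [ "$have" = "$want" ]; then
        echo unchanged
    else
        chmod -- "$want" "$path" && echo changed
    fi
}

# Demo on a constructed temporary directory.
d=$(mktemp -d) && mkdir "$d/.ssh" && chmod 755 "$d/.ssh"
check_mode "$d/.ssh" 0700   # prints "changed"
check_mode "$d/.ssh" 700    # prints "unchanged"
rm -rf "$d"
```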