# Registers the `posixacl` provider for the `posix_acl` resource type. Per its
# own desc string, it works by running the getfacl/setfacl command-line tools.
1 Puppet::Type.type(:posix_acl).provide(:posixacl, parent: Puppet::Provider) do
2 desc 'Provide posix 1e acl functions using posix getfacl/setfacl commands'
# Both tools are bound to fixed absolute paths, not looked up by bare name.
4 commands setfacl: '/usr/bin/setfacl'
5 commands getfacl: '/usr/bin/getfacl'
# Confined to systems with the :posix feature and declared the default
# provider for the operating systems listed below.
7 confine feature: :posix
8 defaultfor operatingsystem: [:debian, :ubuntu, :redhat, :centos, :fedora, :sles]
# Removes one ACL entry from `path` by calling `setfacl -x`.
#
# perm - ACL entry string; presumably "tag:qualifier:perms" (TODO confirm
#        against the type definition, which this listing does not show).
# path - file or directory whose ACL is modified.
#
# NOTE(review): this listing skips source lines (see the gaps in the line
# numbers), so the condition that selects between the two setfacl calls below
# and the closing `end`s are not visible here.
# NOTE(review): perm and path are handed to setfacl as separate arguments;
# confirm the type restricts the permission format before a value gets here.
14 def unset_perm(perm, path)
15 # Don't try to unset mode bits, it doesn't make sense!
# Matches entries whose tag is followed directly by "::" (empty qualifier),
# e.g. "user::", "g::", "mask::", "other::" - the base entries.
# NOTE(review): `^` matches at the start of any line in Ruby; `\A` would anchor
# the whole string. Only matters if a multi-line value can reach this point.
16 return if perm =~ %r{^(((u(ser)?)|(g(roup)?)|(m(ask)?)|(o(ther)?)):):}
# Drop the last colon-separated field; per setfacl(1), -x takes entries
# without a perms field.
18 perm = perm.split(':')[0..-2].join(':')
# -R: recurse, -n: do not recalculate the mask, -x: remove the entry.
# Per setfacl(1), -R without -L/-P follows a symlink given as the path
# argument and skips symlinks found below it.
20 setfacl('-R', '-n', '-x', perm, path)
# Same removal applied to `path` only.
22 setfacl('-n', '-x', perm, path)
# Adds or modifies one ACL entry on `path` by calling `setfacl -m`.
#
# perm - ACL entry string, passed to setfacl unchanged.
# path - file or directory whose ACL is modified.
#
# NOTE(review): the lines between the signature and the two calls are elided
# in this listing, so the condition choosing between them is not visible.
26 def set_perm(perm, path)
# -R: recurse, -n: do not recalculate the mask, -m: modify/add the entry.
# Because of -n the existing mask is left alone, so per setfacl(1) it can cap
# the effective rights of the entry written here.
28 setfacl('-R', '-n', '-m', perm, path)
# Same modification applied to `path` only.
30 setfacl('-n', '-m', perm, path)
# NOTE(review): the `def` lines for the statements below are elided from this
# listing, so the enclosing method names are not visible.
#
# Removes every entry listed in the resource's :permission value, one
# unset_perm call (and so one setfacl invocation) per entry.
35 @resource.value(:permission).each do |perm|
36 unset_perm(perm, @resource.value(:path))
# -b removes all extended ACL entries from the resource path; per setfacl(1)
# the base owner/group/other entries are retained. The first form recurses.
42 setfacl('-R', '-b', @resource.value(:path))
44 setfacl('-b', @resource.value(:path))
# Reads the current ACL of the resource path via getfacl and collects its
# entry lines. The enclosing `def` and the initialisation of `value` are on
# lines this listing does not show.
#
# A path that does not exist yields an empty list; getfacl is not run.
49 return [] unless File.exist?(@resource.value(:path))
51 # String#lines would be nice, but we need to support Ruby 1.8.5
# --absolute-names: keep the leading '/' in printed path names.
# --no-effective: do not print the "#effective:" rights comments.
52 getfacl('--absolute-names', '--no-effective', @resource.value(:path)).split("\n").each do |line|
53 # Strip comments and blank lines
# '\040' is single-quoted, so it is the literal text backslash-0-4-0 (an
# octal-escaped space in getfacl output), replaced by a real space. Only this
# one escape is decoded here.
54 value << line.gsub('\040', ' ') if line !~ %r{^#} && line != ''
# Boolean expressions on the resource's parameters. Their `def` lines are
# elided from this listing, so the method names are not visible.
60 # Changed functionality to return boolean true or false
# True only when :recursive is the symbol :true and :recursemode is :lazy.
# NOTE(review): mixes `@resource` and `resource`; presumably the same object
# in a Puppet provider - confirm, and prefer one spelling.
61 @resource.value(:recursive) == :true && resource.value(:recursemode) == :lazy
# Each line below compares the resource's :action with a single symbol.
65 @resource.value(:action) == :exact
69 @resource.value(:action) == :unset
73 @resource.value(:action) == :purge
77 @resource.value(:action) == :set
# Setter for the permission property. The argument is ignored (see the TODO);
# the desired entries are read from @resource.value(:permission) instead.
#
# NOTE(review): this listing skips source lines and stops before the method
# ends, so the `when` labels, the assignment of `cur_perm` and any later
# branches are not visible. The visible part computes a difference against
# the current entries and applies it.
# NOTE(review): every change is a separate setfacl invocation, removals first;
# if one call fails part-way the path is left with a partially applied ACL.
80 def permission=(_value) # TODO: Investigate why we're not using this parameter
# Log the requested action at debug level.
81 Puppet.debug @resource.value(:action)
82 case @resource.value(:action)
# Array differences: entries wanted but not in cur_perm, and entries in
# cur_perm but not wanted. cur_perm is presumably the current ACL - confirm.
89 perm_to_set = @resource.value(:permission) - cur_perm
90 perm_to_unset = cur_perm - @resource.value(:permission)
# Nothing to add and nothing to remove: return without calling setfacl.
91 return false if perm_to_set.empty? && perm_to_unset.empty?
92 # Take supplied perms literally, unset any existing perms which
93 # are absent from ACLs given
95 perm_to_unset.each do |perm|
96 # Skip base perms in unset step
# Same base-entry pattern that unset_perm tests (tag followed by "::").
# NOTE(review): `^` anchors per line in Ruby; `\A` anchors the whole string.
97 if perm =~ %r{^(((u(ser)?)|(g(roup)?)|(m(ask)?)|(o(ther)?)):):}
98 Puppet.debug "skipping unset of base perm: #{perm}"
# Presumably the `else` branch of the check above (that line is elided).
100 unset_perm(perm, @resource.value(:path))
# Apply the missing entries one at a time.
104 perm_to_set.each do |perm|
105 set_perm(perm, @resource.value(:path))