Resource Type: posix_acl

Defined in:
lib/puppet/type/posix_acl.rb
Providers:
posixacl
genericacl

Overview

Ensures that a set of ACL permissions are applied to a given file or directory.

Example:

    posix_acl { '/var/www/html':
      action      => exact,
      permission  => [
        'user::rwx',
        'group::r-x',
        'mask::rwx',
        'other::r--',
        'default:user::rwx',
        'default:user:www-data:r-x',
        'default:group::r-x',
        'default:mask::rwx',
        'default:other::r--',
      ],
      provider    => posixacl,
      recursive   => true,
    }

In this example, Puppet will ensure that the user and group
permissions are set recursively on /var/www/html as well as add
default permissions that will apply to new directories and files
created under /var/www/html

Setting an ACL can change a file's mode bits, so if the file is
managed by a File resource, that resource needs to set the mode
bits according to what the calculated mode bits will be, for
example, the File resource for the ACL above should be:

    file { '/var/www/html':
           mode => 754,
         }

Properties

  • permission

    ACL permission(s).

Parameters

  • action (defaults to: set)

    What do we do with this list of ACLs? Options are set, unset, exact, and purge

    Supported values:
    • set
    • unset
    • exact
    • purge
  • ignore_missing (defaults to: false)

    What to do if files are missing: false: fail run, quiet: quietly do nothing, notify: do not try to to set ACL, but add notice to run

    Supported values:
    • false
    • quiet
    • notify
  • path (namevar)

    The file or directory to which the ACL applies.

  • provider

    The specific backend to use for this ‘posix_acl` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • recursemode (defaults to: lazy)

    Should Puppet apply the ACL recursively with the -R option or apply it to individual files?

    lazy means -R option deep means apply to every file

    Supported values:
    • lazy
    • deep
  • recursive (defaults to: false)

    Apply ACLs recursively.

    Supported values:
    • true
    • false