[Labs-l] Fwd: 3/4 digit file permissions in puppet, SGID, "puppet apply" and style

[Daniel Zahn]

cross-posting from ops/production, i thought it might be helpful for
labs users starting with puppet work


---------- Forwarded message ----------
From: Daniel Zahn <dzahn at wikimedia.org>
Date: Fri, Apr 13, 2012 at 3:51 AM
Subject: 3/4 digit file permissions in puppet, SGID, "puppet apply" and style


just on a note about puppet and file / directory permissions:

if you look at 2.7 puppet docs (which is still popular in google, and
we are 2.7.7.) , type reference, -> "mode":

http://docs.puppetlabs.com/references/2.7.0/type.html#file

you still get the "Currently relatively limited" and an example using
3-digit modes.

Note: This also explains how puppet always adds a +1 on directories,
no matter what. The reason you just need 644 instead of 755 f.e.

But if you look in "latest" docs, same place:

http://docs.puppetlabs.com/references/latest/type.html#file

the docs about "mode" are extended a lot and say "Numeric modes should
use the standard four-digit octal notation"
and also mention "<setuid/setgid/sticky>"

when hashar wanted to use "2" (SGID) in
https://gerrit.wikimedia.org/r/#change,4743

i wanted to test if it works as expected and from the #puppet channel
i got told to simply test it by:

echo 'file { "/tmp/foo_puppet_test_123": ensure => directory, mode =>
2644; }' | puppet apply

so, a) yeah, we should always use 4 digits,
     b) using SGID on a directory to have newly created subdirs owned
by the group works as expected
     c)  echo ".." | puppet apply    is a really nice way to test
other things as well

Regards,

P.S. Feel free to comment on the merged change above on the "6" vs.
"7" style question in there. i would have preferred to drop what
puppet adds anyways, but since it does it is just a style question and
i agreed it's better to at least stay consistent across the file.  Do
we want a wikimedia puppet style guide page?


-- 
--
Daniel Zahn <dzahn at wikimedia.org>