
ACLs based on numerical UID result in repeated re-apply. #119

@matt-matt2

My example:

  posix_acl { "filename":
    action => set,
    permission => [
      'user:2001:r--',
      'user:2002:r--',
    ],
  }

Results in:

Notice: /Stage[main]/Stunnel/Posix_acl/permission: current_value ["group::r--", "other::---", "user::rw-","user:phil:r--", "user:bob:r--"], should be ["user:2001:r--", "user:2002:r--"]

phil is user 2001, bob is user 2002. Puppet wants to re-apply this every time the code is run. (I know, silly example, why would you do that? But I have a use case for which this would be useful.)

The check will always fail because the check is made against the resolved usernames, not the user IDs (and as an aside, the check seems to be made against the complete getfacl output, not the specific lines, but that's the gist of the other issue linked). The code should check if a line match is found based on /either/ numerical ID /or/ username.

This is a side-issue from the add this is linked to, and seems to be a separate case worthy of separate consideration, IMO.

Originally posted by @matt-matt2 in #58 (comment)
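
The comparison the issue asks for, sketched as an added example (not code from the posix_acl module): each ACL entry is reduced to a canonical form with a numeric ID, so `user:phil:r--` and `user:2001:r--` compare equal, and each desired line is looked up among the current lines. The function names are hypothetical, and the `USERS`/`GROUPS` tables are constructed stand-ins for the system passwd/group lookup.

```ruby
# Constructed lookup tables (assumption: a real provider would query the
# system account database, e.g. via Etc.getpwnam / Etc.getgrnam).
USERS  = { 'phil' => 2001, 'bob' => 2002 }.freeze
GROUPS = {}.freeze

# Reduce one ACL entry to [scope, tag, id, perms].
# "user:phil:r--" and "user:2001:r--" both become ["access", "user", 2001, "r--"].
def normalize_acl_entry(entry, users: USERS, groups: GROUPS)
  parts = entry.split(':', -1)                 # keep empty qualifier fields
  scope = parts.first == 'default' ? parts.shift : 'access'
  tag, qualifier, perms = parts
  table = { 'user' => users, 'group' => groups }.fetch(tag, {})
  id =
    if qualifier.nil? || qualifier.empty?
      nil                                      # owner/group/other/mask entry
    elsif qualifier.match?(/\A\d+\z/)
      qualifier.to_i                           # already numeric
    else
      table.fetch(qualifier, qualifier)        # unresolved names stay strings
    end
  [scope, tag, id, perms]
end

# True when every desired line is already present on the file, regardless of
# whether either side was written with a name or a numeric ID.
def acl_in_sync?(current, desired, **tables)
  have = current.map { |e| normalize_acl_entry(e, **tables) }
  desired.all? { |e| have.include?(normalize_acl_entry(e, **tables)) }
end

# Values taken from the Notice line in the issue.
CURRENT = ['group::r--', 'other::---', 'user::rw-',
           'user:phil:r--', 'user:bob:r--'].freeze
DESIRED = ['user:2001:r--', 'user:2002:r--'].freeze

puts acl_in_sync?(CURRENT, DESIRED)
```

A permission difference or an ID that is not on the file still reports out of sync, so the normalization only removes the name-versus-number mismatch.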
