finish work for unprivileged user

To be able to use the module as an unprivileged user we need to
adjust certain things:

* only enforce the run user and group if we are root and can
  actually change the user
* set owner/group of our files and directories to our own user/group
* place the concat script in a location we can write -> use the
  concat dir for that.
Peter Meier 2011-06-23 13:37:03 +02:00
parent 45dfa6984c
commit b9e33c4e6b
3 changed files with 23 additions and 16 deletions


@ -13,7 +13,7 @@
# - group Owner of the file
# - backup Controls the filebucketing behavior of the final file and
# see File type reference for its use. Defaults to 'puppet'
define concat::fragment($target, $content='', $source='', $order=10, $ensure = "present", $mode = 0644, $owner = root, $group = $concat::setup::root_group, $backup = "puppet") {
define concat::fragment($target, $content='', $source='', $order=10, $ensure = "present", $mode = 0644, $owner = $id, $group = $concat::setup::root_group, $backup = "puppet") {
$safe_name = regsubst($name, '/', '_', 'G')
$safe_target_name = regsubst($target, '/', '_', 'G')
$concatdir = $concat::setup::concatdir
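Review bot: The `$group` default on the new `concat::fragment` signature still reads `$concat::setup::root_group`, which this commit redefines for non-root runs as the value of `$id`, so a user name ends up being used as a group name. That only holds on hosts where a group with the same name as the running user exists; elsewhere the file resources would presumably fail to apply, and the same default is used by `define concat`. The parameter comment block starts above this hunk, so the owner entry is not visible here, but it should record the new behaviour, for example `# - owner Owner of the file. Defaults to the user running Puppet ($id)`, with a matching remark on the group entry.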


@ -44,9 +44,9 @@
#
# DETAIL:
# We use a helper shell script called concatfragments.sh that gets placed
# in /usr/local/bin to do the concatenation. While this might seem more
# complex than some of the one-liner alternatives you might find on the net
# we do a lot of error checking and safety checks in the script to avoid
# in <Puppet[:vardir]>/concat/bin to do the concatenation. While this might
# seem more complex than some of the one-liner alternatives you might find on
# the net we do a lot of error checking and safety checks in the script to avoid
# problems that might be caused by complex escaping errors etc.
#
# LICENSE:
@ -87,7 +87,7 @@
# ALIASES:
# - The exec can notified using Exec["concat_/path/to/file"] or Exec["concat_/path/to/directory"]
# - The final file can be referened as File["/path/to/file"] or File["concat_/path/to/file"]
define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group, $warn = "false", $force = "false", $backup = "puppet", $gnu = "true", $order="alpha") {
define concat($mode = 0644, $owner = $id, $group = $concat::setup::root_group, $warn = "false", $force = "false", $backup = "puppet", $gnu = "true", $order="alpha") {
$safe_name = regsubst($name, '/', '_', 'G')
$concatdir = $concat::setup::concatdir
$version = $concat::setup::majorversion
@ -126,7 +126,7 @@ define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group
}
File{
owner => root,
owner => $id,
group => $group,
mode => $mode,
backup => $backup
@ -164,13 +164,17 @@ define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group
}
exec{"concat_${name}":
user => root,
group => $group,
notify => File[$name],
subscribe => File[$fragdir],
alias => "concat_${fragdir}",
require => [ File["/usr/local/bin/concatfragments.sh"], File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ],
unless => "/usr/local/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
command => "/usr/local/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
require => [ File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ],
unless => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
command => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
}
if $id == 'root' {
Exec["concat_${name}"]{
user => root,
group => $group,
}
}
}
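Review bot: The rewritten `require` on `Exec["concat_${name}"]` drops the dependency on the helper script and adds none for its new location, so nothing visible in this hunk orders the exec after the script is deployed; on a first run the `unless` check could execute before the script exists. Keeping the dependency would look like `require => [ File["${concat::setup::concatdir}/bin/concatfragments.sh"], File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ],`. Because a root-run agent now executes the script from the concat directory instead of `/usr/local/bin`, that ordering also guarantees the owner and mode managed in `concat::setup` are applied to the file before it is run. The `if $id == 'root'` guard compares the account name, so a uid-0 account with a different name would skip the `user`/`group` override, which deserves a comment if intended. The body of `define concat` begins outside this hunk, and the header comment in `concat::setup` still says the script is copied to `/usr/local/bin`.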


@ -13,12 +13,15 @@
#
# It also copies out the concatfragments.sh file to /usr/local/bin
class concat::setup {
$root_group = 0
$root_group = $id ? {
root => 0,
default => $id
}
$concatdir = $concat_basedir
$majorversion = regsubst($puppetversion, '^[0-9]+[.]([0-9]+)[.][0-9]+$', '\1')
file{"/usr/local/bin/concatfragments.sh":
owner => root,
file{"${concatdir}/bin/concatfragments.sh":
owner => $id,
group => $root_group,
mode => 755,
source => $majorversion ? {
@ -26,9 +29,9 @@ class concat::setup {
default => "puppet:///modules/concat/concatfragments.sh"
};
$concatdir:
[ $concatdir, "${concatdir}/bin" ]:
ensure => directory,
owner => root,
owner => $id,
group => $root_group,
mode => '0750';
}