I’ve been working with Puppet some time now, and we are configuring our way through a lot of hosts, with 6 persons, all working in the same Puppet master directory.
This should work fine with all UNIX/Linux groups and setgid directories. But
simple problem arose with the git version control stuff.
Once in a while the complete git repo was destroyed and quite a lot of
searching revealed the reason why.
We are all working as non-root and we are all members of the Puppet group. But:
When I edit a file and commit it, the corresponding files in the git repo are
made by me and the rights are set according to my umask. When someone else
tries to edit the same file or something else which results in the same hash
files, writing is not permitted, because of my ownership. A chown in a script
will not work, as a chown is not honored as a non-root user.
This problem can simply be solved by setting the umask to something like
007 (or u=gwx,g=gwx,o=). But when I do edit stuff in my home-directory I do
not want an open umask like that. So what to do, as ext[234] do not support
per directory umasks.
I use zsh as a shell and I found a nice function in the man-page. There is a
standard function, called chpwd() that gets executed every time a directory
change is made. So I only had to fill in the blanks.
This is what I came up with:
chpwd()
{
case "${PWD}/"
in
/etc/puppet/*)
[[ ${UMSAVE} = 0 ]] &&
{ um=$(umask)
UMSAVE=1
}
umask 007
;;
*)
[[ x"${um}" != x"" ]] && umask ${um}
UMSAVE=0
;;
esac
}
Now, when I change to the directory /etc/puppet I do get a umask of 007
and when I cd somewhere else, I do get the original umask.
How much fun can it be ;-)