I've been working with Puppet for some time now, and we are configuring our way through a lot of hosts, with 6 people all working in the same Puppet master directory. This should work fine with all UNIX/Linux groups and setgid directories. But a simple problem arose with the git version control stuff. Once in a while the complete git repo was destroyed, and quite a lot of searching revealed the reason why.
We are all working as non-root and we are all members of the Puppet group. But when I edit a file and commit it, the corresponding files in the git repo are created by me, with permissions set according to my umask. When someone else tries to edit the same file, or something else which results in the same hash files, writing is not permitted because of my ownership. A chown in a script will not work, as a chown is not honored for a non-root user.
This problem can simply be solved by setting the umask to something like 007 (or u=rwx,g=rwx,o=). But when I edit stuff in my home directory I do not want an open umask like that. So what to do, as ext[234] do not support per-directory umasks?
I use zsh as a shell and I found a nice function in the man page. There is a standard function, called chpwd(), that gets executed every time a directory change is made. So I only had to fill in the blanks. This is what I came up with:
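
    chpwd()
    {
        case "${PWD}/" in
            /etc/puppet/*)
                # Entering the shared tree: remember the current umask once.
                # UMSAVE is unset in a fresh shell, so default it to 0.
                [[ ${UMSAVE:-0} = 0 ]] &&
                {   um=$(umask)
                    UMSAVE=1
                }
                umask 007
                ;;
            *)
                # Anywhere else: restore the saved umask, if there is one.
                [[ x"${um}" != x"" ]] && umask ${um}
                UMSAVE=0
                ;;
        esac
    }
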
Now, when I change to the directory /etc/puppet I do get a umask of 007, and when I cd somewhere else, I do get the original umask.
How much fun can it be ;-)
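
A check for the permission problem described above, as an added example that is not part of the original post: it lists the entries in a shared tree that would block another group member. The function name shared_tree_audit and its output labels are assumptions made for this example, and it is written for POSIX sh so it also runs outside zsh.

```shell
# Added example, not the author's code. Name and labels are hypothetical.
# Lists entries under DIR that stop other members of the group from writing.
shared_tree_audit() {
    dir=${1:?usage: shared_tree_audit DIR}
    # Numeric group id of the top-level directory; everything should match it.
    gid=$(ls -ldn "$dir" | awk '{print $4}')
    findings=$(
        # Working files need group write. Git stores objects read-only on
        # purpose, so .git/objects is skipped here; for objects only the
        # directory permissions (next check) matter.
        find "$dir" -path '*/.git/objects' -prune -o \
            -type f ! -perm -020 -exec printf 'no-group-write %s\n' {} +
        # Directories need group rwx plus setgid so new entries keep the group.
        find "$dir" -type d ! -perm -2070 -exec printf 'dir-not-shared %s\n' {} +
        # Anything owned by a different group than the top-level directory.
        find "$dir" ! -group "$gid" -exec printf 'wrong-group %s\n' {} +
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it against /etc/puppet after a few commits; a clean tree prints nothing and returns 0.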