I’ve been working with Puppet for some time now, and we are configuring our way through a lot of hosts, with 6 persons, all working in the same Puppet master directory.

This should work fine with all UNIX/Linux groups and setgid directories. But a simple problem arose with the git version control stuff.

Once in a while the complete git repo was destroyed and quite a lot of searching revealed the reason why.

We are all working as non-root and we are all members of the Puppet group. But: When I edit a file and commit it, the corresponding files in the git repo are made by me and the rights are set according to my umask. When someone else tries to edit the same file or something else which results in the same hash files, writing is not permitted, because of my ownership. A chown in a script will not work, as a chown is not honored as a non-root user.
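
A way to find the entries that cause this, as an added example that is not part of the original post: the function below lists everything in a shared tree that a fellow group member cannot write to, plus directories without the setgid bit. The function name audit_shared_tree is hypothetical and the default path is the one used in this post; files under .git/objects are skipped because git stores loose objects read-only by design.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: audit_shared_tree [DIR]      (DIR defaults to /etc/puppet)
# Prints one line per problem entry: "<reason> <path>"

audit_shared_tree() {
    audit_dir=${1:-/etc/puppet}

    # Entries without the group-write bit, e.g. created under umask 022.
    # A directory like this blocks colleagues from adding files to it;
    # a file like this blocks them from editing it.
    # Loose git objects are read-only on purpose, so those files are exempt.
    find "$audit_dir" \
        \( -type d -o \( -type f ! -path '*/.git/objects/*' \) \) \
        ! -perm -020 \
        -exec printf 'no-group-write %s\n' {} \;

    # Directories without setgid: new entries created in them get the
    # creator's primary group instead of the shared group.
    find "$audit_dir" -type d ! -perm -2000 \
        -exec printf 'no-setgid %s\n' {} \;
}
```

Anything reported as no-group-write has to be fixed by its owner, since the other group members cannot change its mode.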

This problem can simply be solved by setting the umask to something like 007 (or u=rwx,g=rwx,o=). But when I edit stuff in my home directory I do not want an open umask like that. So what to do, as ext[234] do not support per-directory umasks?

I use zsh as a shell and I found a nice function in the man page. There is a standard function, called chpwd(), that gets executed every time a directory change is made. So I only had to fill in the blanks. This is what I came up with:
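
    # zsh runs chpwd() after every directory change
    chpwd()
    {
        case "${PWD}/" in
            /etc/puppet/*)
                # Save the original umask once, when entering the tree.
                # UMSAVE is unset in a fresh shell, so treat unset as 0.
                [[ ${UMSAVE:-0} = 0 ]] && {
                    um=$(umask)
                    UMSAVE=1
                }
                umask 007
                ;;
            *)
                # Outside the tree: restore the saved umask, if there is one
                [[ x"${um}" != x"" ]] && umask ${um}
                UMSAVE=0
                ;;
        esac
    }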

Now, when I change to the directory /etc/puppet I do get a umask of 007 and when I cd somewhere else, I do get the original umask.

How much fun can it be ;-)