# How can i Chown directories recursivley

I have to see that /usr/share/jbossas and all the files and directories under it are jboss:jboss all the time below is the Linux command I use.

chown -R jboss:jboss /us/share/jbossas

We have puppet installed in environment with 1500 servers.

edit retag close merge delete

Sort by » oldest newest most voted

I am by far not an expert, but maybe this will help..

exec { 'jboss chown':
command  => "/bin/chown -R jboss:jboss /usr/share/jbossas",
require  => File['/usr/share/jbossas'],
unless   => '/bin/ls -ld /usr/share/jbossas | /bin/grep "jboss jboss"',
}


You will need to have something that you can match against, so that it doesn't always run, hence the "unless".. this is not a very elegant "unless", and you would need to provide something that would be valid. You also need to have declared the /usr/share/jbossas resource in your manifest

You might also consider using the the recurse attribute ( https://docs.puppetlabs.com/references/latest/type.html#file ) however in my experience, it took a lot longer for the manifest to apply using the recurse from puppet, as opposed to using the chown. But in the event that you aren't able to come up with something to use as a check for your exec (ie the "unless"), i dont know that the performing an exec would be an option. From the looks of it, you would probably need to use recurse, as you dont have a specific file/directory to check to see if it was jboss:jboss..

file { '/usr/share/jbossas' :
ensure    => directory,
owner     => 'jboss',
group      => 'jboss',
require     => [ User['jboss'], Group['jboss'], ],
recurse    => true,


}

so something like to snippet above might be the direction you would need to go (obviously you need to have defined the group and user for the above snip to work.

It goes without saying, that if you are going to run this against 1500 servers, you will want to test test test test before you implement anything..

EDIT: Based on your comment, If you know that the files that are incorrectly owned will be owned by root, and you are OK with the overhead of scanning the directory every run, you could do the following

exec { 'jboss chown':
command  => "/bin/chown -R jboss:jboss /usr/share/jbossas",
require  => File['/usr/share/jbossas'],
onlyif   => '/bin/ls -lhR /usr/share/jbossas/ | /bin/grep -i root',
}


Which means that only if the return value for the command returns a value of 1 will it execute.. again, this might not be a good solution as there may be lots of files to evaluate every run, as well as if there are files that are owned by something other than root wont trigger a run.

more

Had a peak at the previous posts, and believe that at find -exec is a bit faster:

exec {'seafile_chown':
command => '/usr/bin/find /opt/seafile ! -user seafile -exec /bin/chown seafile:seafile {} \;'
}


I just skip the onlyif, as I'm doing the find anyway.

Best regards Ragnar Hongset @raghon Consulting www.raghon.no

more

can we have this check and if the output is greater than o then execute it

checkusr=ls -lhR /usr/share/jbossas/ | grep -i root | wc -l [root@ jbossas]# echo \$checkusr 1 Can we have a loop to check if checkusr is greater than 1 then ony perform the 'jboss chown'

more

In theory, I think that would work... but the depending on the number of files in the directory, that might be a lot of overhead to scan the entire directory every 30 min, on 1500 systems. You wouldnt want to loop, only add that cmd as the limiter in the exec command (see edited solution above)

( 2015-02-13 09:04:35 -0500 )edit

Execs can have a very high overhead. Adding this to a manifest may have a negative effect on the speed of your runs and that can cascade over 1500 nodes. It may be better to look for a cron job.

cron {'chown_jbossas':
ensure  => present,
command => '/bin/chown -R jboss:jboss /usr/share/jbossas'
minute  => 0,
user    => 'root',
}


You could set the hour/minute/etc to the correct specificity. and the burden is now on your nodes rather than on the master. Of course, Puppet will still enforce the cron job being present.

more