Ask Your Question
0

Mount Point Permissions

asked 2016-12-21 09:04:16 -0500

puser gravatar image

updated 2016-12-27 16:46:01 -0500

Stefan gravatar image

I am having a very frustrating problem with mounting.

Mounting requires a directory to exist. So I create a directory

file { '/app':
  ensure => directory,
  mode   => '0755',
}

Now I mount the logical filesytem to the directory

mount { '/app':
  ensure  => mounted,
  device  => "/dev/${lv_attribute[vg]}/${lv_attribute[name]}",
  options => defaults,
  dump    => $dump,
  pass    => $pass,
  fstype  => $fs_type,
}

So far so good. The problem I now have is I have a directory with permissions 755 and a mount with permissions ??? (default). Probably the umask of root. How do I set the permissions of the mount after the fact? I have already set the mode on the File so I can't call it twice. The only thing I have come up with is to have it run twice, but then the directory will match the permissions of the mount which is NOT what I want.

Has anyone encountered this yet or come up with a solution? I basically want a directory with xxx permissions and a mount on that directory with yyy permissions.

Is the mount is ever removed for whatever reason then I will have a directory with yyy permissions.

edit retag flag offensive close merge delete

Comments

You do not you suffer from `systemd`, do you? (`ls -l /sbin/init`) If you do, have a look at `systemd.mount(5)` https://freedesktop.org/software/systemd/man/systemd.mount.html

Kai Burghardt gravatar imageKai Burghardt ( 2016-12-21 15:15:52 -0500 )edit
add a comment

2 Answers

Sort by » oldest newest most voted
2

answered 2016-12-28 15:52:33 -0500

Kai Burghardt gravatar image

Some tweaks to stivesso's answer:

  1. You're doing a chown(1) to the user with the ID 755. You wanna do a chmod(1).
  2. And /bin/mkdir -m 0755 /app (mkdir(1) has a “mode” parameter), unless your exec provider is 'shell' and you want to separate the chmod(1).
  3. There's also a umask attribute.
  4. defaults (as the mount option) should be clearly marked as a string.
  5. You wanna use resource references to read resource attributes.

Eventually you'd end up with:

$_foo = '/app'

$_cmd = @("EOT"/L)
  /bin/mkdir -v -m 0755 ${Mount[$_foo]['name']} && \
  /bin/chown -v username:groupname ${Mount[$_foo]['name']}
  |-EOT

exec { $_foo:
  command  => $_cmd,
  creates  => Mount[$_foo]['name'],
  provider => 'shell',
  before   => Mount[$_foo],
}

mount { $_foo:
  ensure  => 'mounted',
  device  => "/dev/${lvattribute[vg]}/${lvattribute[name]}",
  fstype  => 'auto', # or whatever fstype it is
  options => 'defaults',
  dump    => 0, # 0 = do not dump
  pass    => 0, # 0 = do not do fsck
}

file { $_foo: 
  ensure  => 'directory', 
  mode    => '0644',
  require => Mount['/app'],
}
  • Added -v verbose flag to mkdir/chown, because I want to have everything (not just the errmsg) in the logs, if something went wrong.
  • Separated the command into a heredoc-variable, because I want long lines to be split up, and unfortunately heredocs don't work for resource definitions.
edit flag offensive delete link more

Comments

1

Greeeaaat (I'm still wondering how I missed the chown-chmod :-) Thanks)

stivesso gravatar imagestivesso ( 2016-12-28 22:48:02 -0500 )edit
add a comment
1

answered 2016-12-21 11:40:32 -0500

stivesso gravatar image

updated 2016-12-28 22:40:06 -0500

It is indeed a tricky situation, because you can change ownership of the filesystem directory system by using chown (exec) on the filesystem's mount point. But during the next puppet run it will change it again to 0755 and then chown will rewrite...

Anyway, my suggestion is to do it exactly as you'd be doing manually on System. Meaning, first, create the directory (using exec - mkdir) and give it the appropriate permission (unless it exists already). Then, mount the filesystem accordingly after the directory was created and finally set that directory permission. (See the metaparameters (before and require) added for exec and mount to control that ordering... Making sure that Filesystem permission is only applied after the mount)

Turning to Puppet, that will be something like:

    exec {'create_folder':
      command => 'mkdir /app && chmod 755 /app',
      unless      => 'test -d /app',
      path         => '/usr/bin:/usr/sbin:/bin',
      before      => Mount["/app"],
    }

    mount { "/app": 
      ensure   => 'mounted',
      device   => "/dev/${lvattribute[vg]}/${lvattribute[name]}",
      options => defaults,
      dump    => $dump,
      pass      => $pass,
      fstype   => $fs_type,
    }

  file { "/app": 
    ensure   => "directory", 
    mode     => "644", # or the one you want for the FS - YYY 
    require  => Mount[ "/app"],
  }
edit flag offensive delete link more

Comments

the command (single apersand) seems odd. I'd go with a single '/bin/mkdir -m 0755 /app'. Instead of the `unless` it is easier to simply specify `creates => '/app'`

Stefan gravatar imageStefan ( 2016-12-27 16:47:52 -0500 )edit

Oops my mistake, it was in facts &&... corrected now, thanks

stivesso gravatar imagestivesso ( 2016-12-27 18:39:40 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-12-21 09:04:16 -0500

Seen: 590 times

Last updated: Dec 28 '16

Related questions

unable to nfs mount on AIX

custom mount point errors

NFS Mount: Still the error Could not evaluate: Field 'device' is required

puppet file server and custom mount issue

multiple possible mount devices

puppet mount with service

puppet apply always tries to enforce selinux default params for /etc/puppet/

Cascade file mount and file again (with the same folder) [closed]

How validate the mount points and ensure that it is an expected state

Puppet trying to mount a disk which is already mounted