Managing home directories permissions

asked 2017-09-22 13:37:04 -0600

DrRandDumb

In the process of bringing existing systems under new compliance rule sets, we are trying to ensure that all users' home directories have the correct permissions. Solving this for net new users is trivial by managing UMASK in /etc/login.defs. The problem I'm now facing is updating the existing users' homedir permissions. Many of these are now set to 0755, and we want to change to 0700. The problem is, the existing users on the systems differ from one to the next, so I can't do a list; and managing /home like this:

file { '/home': recurse => true, recurselimit => 1, mode => '0700', }

is going to switch the permissions of /home itself, which we don't want.

Any advice on managing a dynamic list of children directories, without affecting the parent?



You could make a custom fact that gives you the list of directories under home, and then use that list to populate your recursive control, but honestly sometimes it is just easier to use an exec to manage permissions like that. I've run into circular deps while trying to manage dirs like you said.

DarylW ( 2017-09-23 23:14:04 -0600 )

I would also run an exec.

exec { 'home_dir_0700':
  cwd     => '/home',
  command => '/usr/bin/find . -mindepth 1 -maxdepth 1 -type d -execdir chmod 0700 {} \;',
}

luksi1 ( 2017-09-25 14:33:18 -0600 )
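
An audit-then-fix variant of the find-based approach discussed in the comments, added here as an example and not code from any poster in the thread. The function names and the temporary tree standing in for /home are hypothetical and constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit and remediate first-level directory modes under a
# base directory without touching the base directory itself.
# Function names and the demo tree are hypothetical, not from the thread.

# Print first-level directories under $1 whose mode is not exactly 0700.
# -mindepth 1 excludes the base directory; -maxdepth 1 stops at the first
# level; -type d skips regular files and symlinks (find does not follow
# symlinks by default, so a link to a directory is never chmod'ed).
noncompliant_homes() {
  find "$1" -mindepth 1 -maxdepth 1 -type d ! -perm 0700 -print
}

# chmod only the directories that need it, so a second run changes nothing.
# Returns 0 when every first-level directory is 0700 afterwards.
fix_homes() {
  find "$1" -mindepth 1 -maxdepth 1 -type d ! -perm 0700 \
    -exec chmod 0700 {} +
  [ -z "$(noncompliant_homes "$1")" ]
}

# Build a constructed tree that stands in for /home and print its path.
make_demo_tree() {
  local base
  base=$(mktemp -d)
  chmod 0755 "$base"                      # parent: must stay 0755
  mkdir -m 0755 "$base/alice" "$base/bob" # non-compliant homes
  mkdir -m 0700 "$base/carol"             # already compliant
  mkdir -m 0755 "$base/alice/public"      # second level: must stay untouched
  touch "$base/notes.txt"
  chmod 0644 "$base/notes.txt"            # regular file: not matched
  ln -s "$base/bob" "$base/link_to_bob"   # symlink: not matched by -type d
  echo "$base"
}
```

In Puppet, the audit expression piped to `grep -q .` can serve as the exec's `onlyif` guard (with `provider => shell`), so the exec only reports a change when a directory is actually non-compliant.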