Forge Home

recursive_file_permissions

Puppet defined type for managing permissions on large amounts of files

255,667 downloads

11,303 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.6.2 (latest)
  • 0.6.1
  • 0.6.0
  • 0.5.0
released Nov 30th 2021
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.6.0 < 8.0.0
  • , , , , , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'npwalker-recursive_file_permissions', '0.6.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add npwalker-recursive_file_permissions
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install npwalker-recursive_file_permissions --version 0.6.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

npwalker/recursive_file_permissions — version 0.6.2 Nov 30th 2021

Recursive File Permissions

Manage file and directory permissions recursively in a much more performant way than using recurse => true.

Table of Contents

  1. Description
  2. Requirements
  3. Usage
  4. Development

Description

When using Puppet, it's common to want to ensure the permissions, owner, or group of a large amount of files are correct. Usually because some application needs to read or write those files or just to make sure that they are set with secure permissions. A normal way to do that is with a file resource and the recurse => true attribute.

However, using a file resource with recurse => true is a recipe for disaster. If /my_dir contains 1000's of files, that means Puppet will add 1000's of file resources to the catalog and report. This causes agent runs and performance issues with storing those catalogs and reports in PuppetDB.

This module provides a defined type that manages permissions, owner, and group for files using the find, chmod, chown, and chgrp commands behind the scenes to quickly determine if files need to be updated. This is a much faster operation than what Puppet would natively do, and it results in only one extra resource in the catalog, not (possibly) thousands.

# The old way of using recurse => true, like this:
file { '/opt/app':
  ensure  => directory,
  owner   => 'app_x',
  group   => 'app_x',
  mode    => '0640',
  recurse => true,
}

# Becomes much more performant by doing this:
file { '/opt/app':
  ensure => directory,
}
recursive_file_permissions { '/opt/app':
  file_mode => '0640',
  dir_mode  => '0750',
  owner     => 'app_x',
  group     => 'app_x',
}

Requirements

The requirements for this module are:

  • A non-Windows operating system for the Puppet agent.
  • The system must have find, chmod, chown, and chgrp installed and in the system path.

Usage

Here's an example of setting file modes, directory modes, owner, and group:

recursive_file_permissions { '/my_dir':
  file_mode => '0644',
  dir_mode  => '0755',
  owner     => 'me',
  group     => 'us',
}

Note: The mode of files and directories must be specified separately and correctly. This module does not automatically add the execute bit to directory modes, unlike the file resource.

You do not need to include all of the attributes but you must include at least one, otherwise, there wouldn't be anything for it to manage.

For example, if you only want to set the owner, do this:

recursive_file_permissions { '/my_dir':
  owner => 'me',
}

Development

PRs welcome.