{"id":23034120,"url":"https://github.com/autostructure/acl_posix","last_synced_at":"2025-09-11T08:33:48.027Z","repository":{"id":136316287,"uuid":"107682645","full_name":"autostructure/acl_posix","owner":"autostructure","description":null,"archived":false,"fork":false,"pushed_at":"2017-10-20T13:46:20.000Z","size":59,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-02T22:15:04.849Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/autostructure.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-20T13:40:25.000Z","updated_at":"2017-10-20T13:46:25.000Z","dependencies_parsed_at":null,"dependency_job_id":"aa2b7416-d3fa-4258-bbd6-91fd5ec6ef90","html_url":"https://github.com/autostructure/acl_posix","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/autostructure/acl_posix","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Facl_posix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Facl_posix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Facl_posix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Facl_posix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/autostructure","download_url":"https://codeload.github.com/autostructure/acl_posix/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autostructure%2Facl_posix/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266409631,"owners_count":23924287,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-21T11:47:31.412Z","response_time":64,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-15T16:29:19.456Z","updated_at":"2025-07-22T01:34:27.547Z","avatar_url":"https://github.com/autostructure.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"#+TITLE: Acl module for Puppet\n\n* Description\nThis a module that was lifted nearly byte by byte from https://github.com/dobbymoodge/puppet-acl. We needed the functionality, but it's\nname conflicted with the approved acl module for Windows.\n\nThis plugin module provides a way to set POSIX 1.e (and other standards) file ACLs via Puppet.\n\n* Usage:\n  - the =Acl= resource =title= is used as the path specifier.\n  - ACLs are specified in the =permission= property as an array of strings in the same format as is used for =setfacl=.\n  - the =action= parameter can be one of =set=, =exact=, =unset= or =purge=. These are described in detail below.\n  - the =provider= parameter allows a choice of filesystem ACL provider. Currently only POSIX 1.e is implemented.\n  - the =recursive= parameter allows you to apply the ACLs to all files under the specified path.\n\n    : acl { \"/var/log/httpd\":\n    :     action     =\u003e set,\n    :     permission =\u003e [\n    :                    \"user::rwx\",\n    :                    \"group::---\",\n    :                    \"mask::r-x\",\n    :                    \"other::---\",\n    :                    \"group:logview:r-x\",\n    :                    \"default:user::rwx\",\n    :                    \"default:group::---\",\n    :                    \"default:mask::rwx\",\n    :                    \"default:other::---\",\n    :                    \"default:group:logview:r-x\",\n    :                    ],\n    :     provider   =\u003e posixacl,\n    :     require    =\u003e [\n    :                    Group[\"logview\"],\n    :                    Package[\"httpd\"],\n    :                    Mount[\"/var\"],\n    :                    ],\n    :     recursive  =\u003e false,\n    : }\n\n** Using action =\u003e set:\nThe =set= option for the =action= parameter allows you to specify a minimal set of ACLs which will be guaranteed by Puppet. ACLs applied to the path which do not match those specified in the =permission= property will remain unchanged.\n*** Initial permissions:\n    : # file /var/www/site1\n    : user::rwx\n    : group::r-x\n    : other::r-x\n    : mask::rwx\n    : group:webadmin:r-x\n    : group:httpadmin:rwx\n*** Specified acls:\n    : permission  =\u003e [\n    :   'user::rwx',\n    :   'group::r-x',\n    :   'other::r-x',\n    :   'mask::rwx',\n    :   'group:webadmin:rwx',\n    :   'user:apache:rwx',\n    : ],\n*** Updated permissions:\n    : # file /var/www/site1\n    : user::rwx\n    : group::r-x\n    : other::r-x\n    : mask::rwx\n    : user:apache:rwx\n    : group:webadmin:rwx\n    : group:httpadmin:rwx\n** Using action =\u003e exact:\nThe =exact= option for the =action= parameter will specify the exact set of ACLs guaranteed and enforced by Puppet. ACLs applied to the path which do not match those specified in the =permission= property will be removed.\n*** Initial permissions:\n    : # file /var/www/site1\n    : user::rwx\n    : group::r-x\n    : other::r-x\n    : mask::rwx\n    : group:webadmin:r-x\n    : group:httpadmin:rwx\n*** Specified acls:\n    : permission  =\u003e [\n    :   'user::rwx',\n    :   'group::r-x',\n    :   'other::r-x',\n    :   'mask::rwx',\n    :   'group:webadmin:r--',\n    :   'user:apache:rwx',\n    : ],\n*** Updated permissions:\n    - group:httpadmin permission is removed\n    - user:apache permission is added\n    - group:webadmin permission is updated\n    : # file /var/www/site1\n    : user::rwx\n    : group::r-x\n    : other::r-x\n    : mask::rwx\n    : group:webadmin:r--\n    : user:apache:rwx\n** Using action =\u003e unset:\nThe =unset= option for the =action= parameter will specify the set of ACLs guaranteed by Puppet to NOT be applied to the path. ACLs applied to the path which match those specified in the =permission= property will be removed. ACLs applied to the path which do not match those specified in the =permission= property will remain unchanged.\n*** Initial permissions:\n    : # file /var/www/site1\n    : user::rwx\n    : group::r-x\n    : other::r-x\n    : mask::rwx\n    : group:webadmin:r-x\n    : group:httpadmin:rwx\n*** Specified acls:\n    : permission  =\u003e [\n    :   'user::rwx',\n    :   'group::r-x',\n    :   'other::r-x',\n    :   'mask::rwx',\n    :   'group:webadmin:r--',\n    :   'user:apache:rwx',\n    : ],\n*** Updated permissions:\n    : # file /var/www/site1\n    : user::rwx\n    : group::r-x\n    : other::r-x\n    : mask::rwx\n    : group:httpadmin:rwx\n** Using action =\u003e purge:\nThe =purge= option for the =action= parameter will cause Puppet to remove any file ACLs applied to the path.\n\nNOTE: Although the =permission= property is unused for this action, it needs to have a valid ACL value for the action to work. This is a known issue.\n*** Initial permissions:\n    : # file /var/www/site1\n    : user::rwx\n    : group::r-x\n    : other::r-x\n    : mask::rwx\n    : group:webadmin:r-x\n    : group:httpadmin:rwx\n*** Specified acls:\nSee above\n    : permission  =\u003e [\n    :   'user::rwx',\n    :   'group::r-x',\n    :   'other::r-x',\n    :   'mask::rwx',\n    :   'group:webadmin:r--',\n    :   'user:apache:rwx',\n    : ],\n*** Updated permissions:\n    - All file ACLs are removed\n    : # file /var/www/site1\n    : user::rwx\n    : group::r-x\n    : other::r-x\n\n* Notes:\n** Conflicts with \"file\" resource type:\nIf the path being modified is managed via the =File= resource type, the path's mode bits must match the value specified in the =permission= property of the ACL\n** Mask check:\nThe ACL setter doesn't recalculate the rights mask based on the user/group ACLs specified, so it is possible to specify ACLs on a file for which a more restrictive set of rights is enforced, known as \"effective rights\". For example, with these =permission= parameters on a file =test=:\n    : permission  =\u003e [\n    :   'user::rw-',\n    :   'group::---',\n    :   'mask::r--',\n    :   'other::---',\n    :   'user:apache:rwx',\n    :   'group:root:r-x',\n    :   'group:admin:rwx',\n    : ],\n\nThe output of =getfacl test= reveals a more restrictive set of effective rights, which might not be what was expected:\n    : # file: test\n    : # owner: root\n    : # group: root\n    : user::rw-\n    : group::---\n    : other::---\n    : mask::r--\n    : user:apache:rwx                 #effective:r--\n    : group:root:r-x                  #effective:r--\n    : group:admin:rwx                 #effective:r--\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fautostructure%2Facl_posix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fautostructure%2Facl_posix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fautostructure%2Facl_posix/lists"}