{"id":20622316,"url":"https://github.com/smoeding/puppet-file_capability","last_synced_at":"2025-04-15T12:33:33.846Z","repository":{"id":12349630,"uuid":"70069888","full_name":"smoeding/puppet-file_capability","owner":"smoeding","description":"Manage Linux file capabilities with Puppet","archived":false,"fork":false,"pushed_at":"2023-07-07T10:29:37.000Z","size":77,"stargazers_count":6,"open_issues_count":0,"forks_count":8,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-28T20:12:14.198Z","etag":null,"topics":["linux","puppet"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smoeding.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-05T14:47:30.000Z","updated_at":"2025-03-09T21:29:09.000Z","dependencies_parsed_at":"2024-06-18T20:12:30.593Z","dependency_job_id":"7b985c8b-58fd-4b6d-9302-c75224cdfd03","html_url":"https://github.com/smoeding/puppet-file_capability","commit_stats":{"total_commits":59,"total_committers":2,"mean_commits":29.5,"dds":"0.016949152542372836","last_synced_commit":"481254b8272d495aba77ed5482247088a172a223"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smoeding%2Fpuppet-file_capability","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smoeding%2Fpuppet-file_capability/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smoeding%2Fpuppet-file_capabi
lity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smoeding%2Fpuppet-file_capability/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smoeding","download_url":"https://codeload.github.com/smoeding/puppet-file_capability/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249072343,"owners_count":21208173,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["linux","puppet"],"created_at":"2024-11-16T12:22:08.960Z","updated_at":"2025-04-15T12:33:33.805Z","avatar_url":"https://github.com/smoeding.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# file_capability\n\n[![Build Status](https://github.com/smoeding/puppet-file_capability/actions/workflows/CI.yaml/badge.svg)](https://github.com/smoeding/puppet-file_capability/actions/workflows/CI.yaml)\n[![Puppet Forge](http://img.shields.io/puppetforge/v/stm/file_capability.svg)](https://forge.puppetlabs.com/stm/file_capability)\n[![License](https://img.shields.io/github/license/smoeding/puppet-file_capability.svg)](https://raw.githubusercontent.com/smoeding/puppet-file_capability/master/LICENSE)\n\n#### Table of Contents\n\n1. [Overview](#overview)\n2. [Module Description - What the module does and why it is useful](#module-description)\n3. [Setup - The basics of getting started with file_capability](#setup)\n    * [What file_capability affects](#what-file_capability-affects)\n    * [Setup requirements](#setup-requirements)\n4. 
[Usage - Configuration options and additional functionality](#usage)\n5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)\n6. [Limitations - OS compatibility, etc.](#limitations)\n7. [Development - Guide for contributing to the module](#development)\n\n## Overview\n\nManage file capabilities on Linux.\n\n## Module Description\n\nLinux capabilities provide a more fine-grained privilege model than the traditional privileged user (`root`) vs. non-privileged user model. File capabilities associate capabilities with an executable and grant additional capabilities to the process calling the executable (similar to what a setuid binary does in the traditional model).\n\nThis module provides the `file_capability` type to set or reset file capabilities for a file. See the [`capabilities(7)`](http://man7.org/linux/man-pages/man7/capabilities.7.html) man page for details about the available capabilities in your operating system.\n\n## Setup\n\n### What file_capability affects\n\n* Sets or resets file capabilities for a given file using the `setcap` and `getcap` binaries provided by the operating system.\n\n### Setup requirements\n\n* No additional Puppet modules are required for this type.\n\n## Usage\n\n### Initialize the class to install the required package\n\n``` Puppet\ninclude file_capability\n```\n\nOn Debian-based operating systems this will install the `libcap2-bin` package to ensure the required binaries are available. 
For Red Hat-based systems the package `libcap` will be installed instead.\n\n### Set a single capability\n\nSet the capability used by `ping` to be able to open a raw socket without being setuid:\n\n``` Puppet\nfile_capability { '/bin/ping':\n  ensure     =\u003e present,\n  capability =\u003e 'cap_net_raw=ep',\n}\n```\n\n### Set multiple capabilities\n\nWireshark uses this set of capabilities so that it is available to non-root users:\n\n``` Puppet\nfile_capability { '/usr/bin/dumpcap':\n  capability =\u003e [ 'cap_net_admin=eip', 'cap_net_raw=eip', ],\n}\n```\n\nBoth capabilities use the same flags, so this can be abbreviated:\n\n``` Puppet\nfile_capability { '/usr/bin/dumpcap':\n  capability =\u003e 'cap_net_admin,cap_net_raw=eip',\n}\n```\n\n### Clear all capabilities\n\nRemove all file capabilities:\n\n``` Puppet\nfile_capability { '/path/to/executable':\n  ensure =\u003e absent,\n}\n```\n\n### Use Hiera to create resources\n\nThe main class uses the `file_capabilities` hash parameter to create `file_capability` resources. So the following Hiera item will create the same resource that is shown in the first example:\n\n``` yaml\nfile_capability::file_capabilities:\n  '/bin/ping':\n    ensure:     present\n    capability: 'cap_net_raw=ep'\n```\n\n## Reference\n\nSee [REFERENCE.md](https://github.com/smoeding/puppet-file_capability/blob/master/REFERENCE.md)\n\n## Limitations\n\nThe type uses a regular expression to validate the `capability` parameter. 
Unfortunately some illegal specifications are not caught by this check.\n\nThe module is currently developed and tested on:\n* Debian 11 (Bullseye)\n\n## Development\n\nFeel free to send pull requests for new features.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmoeding%2Fpuppet-file_capability","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmoeding%2Fpuppet-file_capability","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmoeding%2Fpuppet-file_capability/lists"}