We have had some challenges with individuals/processes moving files from one directory to another, modifying the ACLs of an existing directory in the process. Even if we switch to copying files instead of moving files it is still possible that an end user or process may modify ACLs in such a way that another user does not have the access they need to complete their task. The file resource in Puppet can define the owner and owning group of a resource as well as mode, but is there support for POSIX ACLs?
↧
