In the process of bringing existing systems under new compliance rule sets, we are tyring to ensure that all users home directories have the correct permissions.
solving this for net new users is trivial by managing UMASK in /etc/login.defs
the problem I'm now facing is updating the existing user homedirs permissions. many of these are now set to 0755, and we want to change to 0700, the problem is, the existing users on the systems differ from one to the next - so I can't do a list; and managing /home like this:
file { '/home':
recurse => true,
recurselimit = 1,
mode => 0700,
}
is going to switch the permissions of /home itself, which we don't want.
Any advice on managing a dynamic list of children directories, without affecting the parent?
↧