Some backupninja module updates from anarcat:

Wed Apr 30 16:22:48 EDT 2008  anarcat@koumbit.org
  * remove read permissions on backup directory on group so that a sandbox user can't read other people's directories
Wed Apr 30 16:01:53 EDT 2008  anarcat@koumbit.org
  * default the sandbox host to local ($fqdn) and depend on the sandbox directory properly
Thu Mar 13 18:49:38 EDT 2008  anarcat@koumbit.org
  * create the backup directory along with the user

diff --git a/manifests/server.pp b/manifests/server.pp
index 40b2dca2e79b885e1ad4b13dd184c0c8714b8475..34091d11d673220459c07435c6c21504b05cc943 100644 (file)
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -9,17 +9,27 @@ class backupninja::server {
     }
     file { "$backupdir":
             ensure => "directory",
-            mode => 750, owner => root, group => "backupninjas"
+            mode => 710, owner => root, group => "backupninjas"
     }
     User <<| tag == "backupninja-$fqdn" |>>
+    File <<| tag == "backupninja-$fqdn" |>>
 
     # this define allows nodes to declare a remote backup sandbox, that have to
     # get created on the server
-    define sandbox($host, $dir = false, $uid = false, $gid = "backupninjas") {
+    define sandbox($host = false, $dir = false, $uid = false, $gid = "backupninjas") {
+        $real_host = $host ? {
+           false => $fqdn,
+           default => $host,
+       }
         $real_dir = $dir ? {
            false => "${backupninja::server::backupdir}/$fqdn",
            default => $dir,
        }
+       @@file { "$real_dir":
+           ensure => "directory",
+           mode => 750, owner => $name, group => 0,
+            tag => "backupninja-$real_host",
+       }
         case $uid {
             false: {
                 @@user { "$name":
@@ -30,8 +40,8 @@ class backupninja::server {
                     managehome => true,
                     shell   => "/bin/sh",
                     password => '*',
-                    require => [ Group['backupninjas'], File["/backup"] ],
-                    tag => "backupninja-$host"
+                    require => Group['backupninjas'],
+                    tag => "backupninja-$real_host"
                 }
             }
             default: {
@@ -44,8 +54,8 @@ class backupninja::server {
                     managehome => true,
                     shell   => "/bin/sh",
                     password => '*',
-                    require => [ Group['backupninjas'], File["/backup"] ],
-                    tag => "backupninja-$host"
+                    require => Group['backupninjas'],
+                    tag => "backupninja-$real_host"
                 }
             }
         }