finish work for unpriviledged user

To be able to use the module as an unprivileged user we need to
adjust certain things:

* only enforce the run user and group if we are root and can
  actually change the user
* set owner/group of our files and directories to our own user/group
* place the concat script in a location we can write -> use the
  concat dir for that.

diff --git a/manifests/fragment.pp b/manifests/fragment.pp
index 7afc4c07724cbb8c8a942fda77eb4e64dda44c08..1fb412894079e92df3a39dd0fae42920c0c7cc8f 100644 (file)
--- a/manifests/fragment.pp
+++ b/manifests/fragment.pp
@@ -13,7 +13,7 @@
 #   - group     Owner of the file
 #   - backup    Controls the filebucketing behavior of the final file and
 #               see File type reference for its use.  Defaults to 'puppet'
-define concat::fragment($target, $content='', $source='', $order=10, $ensure = "present", $mode = 0644, $owner = root, $group = $concat::setup::root_group, $backup = "puppet") {
+define concat::fragment($target, $content='', $source='', $order=10, $ensure = "present", $mode = 0644, $owner = $id, $group = $concat::setup::root_group, $backup = "puppet") {
     $safe_name = regsubst($name, '/', '_', 'G')
     $safe_target_name = regsubst($target, '/', '_', 'G')
     $concatdir = $concat::setup::concatdir

diff --git a/manifests/init.pp b/manifests/init.pp
index 3a173467782f606f2abcb356670b1a1c7cdb4f2d..19d91a15d74d13083539bc03aeca7de0d3105c3b 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -44,9 +44,9 @@
 #
 # DETAIL:
 # We use a helper shell script called concatfragments.sh that gets placed
-# in /usr/local/bin to do the concatenation.  While this might seem more 
-# complex than some of the one-liner alternatives you might find on the net
-# we do a lot of error checking and safety checks in the script to avoid 
+# in <Puppet[:vardir]>/concat/bin to do the concatenation.  While this might
+# seem more complex than some of the one-liner alternatives you might find on
+# the net we do a lot of error checking and safety checks in the script to avoid
 # problems that might be caused by complex escaping errors etc.
 # 
 # LICENSE:
@@ -87,7 +87,7 @@
 # ALIASES:
 #  - The exec can notified using Exec["concat_/path/to/file"] or Exec["concat_/path/to/directory"]
 #  - The final file can be referened as File["/path/to/file"] or File["concat_/path/to/file"]  
-define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group, $warn = "false", $force = "false", $backup = "puppet", $gnu = "true", $order="alpha") {
+define concat($mode = 0644, $owner = $id, $group = $concat::setup::root_group, $warn = "false", $force = "false", $backup = "puppet", $gnu = "true", $order="alpha") {
     $safe_name   = regsubst($name, '/', '_', 'G')
     $concatdir   = $concat::setup::concatdir
     $version     = $concat::setup::majorversion
@@ -126,7 +126,7 @@ define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group
     }
 
     File{
-        owner  => root,
+        owner  => $id,
         group  => $group,
         mode   => $mode,
         backup => $backup
@@ -164,13 +164,17 @@ define concat($mode = 0644, $owner = "root", $group = $concat::setup::root_group
     }
 
     exec{"concat_${name}":
-        user      => root,
-        group     => $group,
         notify    => File[$name],
         subscribe => File[$fragdir],
         alias     => "concat_${fragdir}",
-        require   => [ File["/usr/local/bin/concatfragments.sh"], File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ],
-        unless    => "/usr/local/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
-        command   => "/usr/local/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
+        require   => [ File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"] ],
+        unless    => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
+        command   => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${gnuflag}",
+    }
+    if $id == 'root' {
+      Exec["concat_${name}"]{
+        user      => root,
+        group     => $group,
+      }
     }
 }

diff --git a/manifests/setup.pp b/manifests/setup.pp
index 5b3ad26a0af2e2fa354792e33a7b567e5a92d20d..53092ab032ff6c1a3a6294732b69ecfce2ec40f0 100644 (file)
--- a/manifests/setup.pp
+++ b/manifests/setup.pp
@@ -13,12 +13,15 @@
 #
 # It also copies out the concatfragments.sh file to /usr/local/bin
 class concat::setup {
-    $root_group = 0
+    $root_group = $id ? {
+      root => 0,
+      default => $id
+    }
     $concatdir = $concat_basedir
     $majorversion = regsubst($puppetversion, '^[0-9]+[.]([0-9]+)[.][0-9]+$', '\1')
 
-    file{"/usr/local/bin/concatfragments.sh": 
-            owner  => root,
+    file{"${concatdir}/bin/concatfragments.sh":
+            owner  => $id,
             group  => $root_group,
             mode   => 755,
             source => $majorversion ? {
@@ -26,9 +29,9 @@ class concat::setup {
                         default => "puppet:///modules/concat/concatfragments.sh"
                       };
 
-         $concatdir: 
+         [ $concatdir, "${concatdir}/bin" ]:
             ensure => directory,
-            owner  => root,
+            owner  => $id,
             group  => $root_group,
             mode   => '0750';
     }