Affects Version/s: PUP 3.3.2
Fix Version/s: None
Component/s: Types and Providers
Puppet should be aware of when filesystem ACLs are present on a file, and behave just slightly differently on said files.
I've seen other feature requests asking to support filesystem ACLs and this isn't that. It'll be best to explain with an example scenario.
Lets say you have the file '/foo/bar' with an ACL 'mask::rwx' and 'group::r-x'.
Now lets also say you have the resource
When you do a `stat` call to get the permissions of the file, they're going to show up as '0775', even though the group does not have write permission. Because of this, puppet is going to go an do a `chmod 0755` on the file, which will change the ACL mask to 'mask::r-x'. Not the intended result.
Now you might argue that you shouldn't manage the file permissions with a file resource if the file has an ACL on it. And I'm on the fence whether this the proper answer. However there's another scenario where you might do
While I think full ACL support is another matter entirely, I think that when puppet makes the `stat` call to get the permissions on the file, if it detects the file has an ACL on it, it should inspect the permissions with `getfacl`, and adjust them with `setfacl` if necessary (again, only for the primary user/group/other attributes, not full ACL support).
The only other solution I can think of is for puppet to get full ACL support, and when puppet detects a file with an ACL on it, it creates a `facl` resource to manage the permissions instead of the file type managing the permission itself.