Currently, there's no built in functionality for realizing specific resources or classes as a specific user.
It would be useful in some scenarios to be able to do this.
One possible solution would be to:
- Add a new meta-parameter, perhaps for use with the resources resource, called run_user or similar, who's default value is root.
- If specified, everything within the relevant scope would be run as the specified user.
- Fork a process/thread on the agent during the puppet run that realizes the relevant resources as the non-root user and captures the output and any errors.