(Note, this was manually copied from a redmine ticket)
Given a directory:
You may wish to recursively ensure a certain mode such as: u=rw,g=r. As you all know, this cleverly adds +x to directories, but not to files. (good!) You may also decide that you’d like to setgid (+s) for the directory…
… but NOT for its contents. These two semantics are very different, since setgid for a directory ensures new files/dirs have the group you want; however, adding this to an executable file can be quite dangerous!
You can’t do this:
because that’s a duplicate definition. So: by default, I think:
1. +s for g should act like +x currently does (except opposite) — for +s only apply it to the directory, even when recurse is true.
2. If some flag like recurse_setgid => true, then you can recursively add the +s
I marked this as high, because I think the current behaviour is very dangerous.
I stumbled upon this problem when I realized setgid is a useful property to add to /etc/puppet/, but not for /etc/puppet/files/*
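
The semantics proposed in point 1, sketched as an added example (not part of the original ticket and not Puppet code): a Python audit that lists regular files carrying the setgid bit, plus a repair pass that applies u=rw,g=r with +x and setgid to directories only. It assumes "the directory" means every directory in the managed tree; the function names and the temporary tree are constructed for illustration.

```python
import os
import stat
import tempfile

FILE_MODE = 0o640                  # u=rw,g=r, as in the ticket
DIR_MODE = 0o750 | stat.S_ISGID    # same, plus x for traversal and setgid


def find_setgid_files(root):
    """Return sorted paths of regular files under root that have setgid set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISGID:
                hits.append(path)
    return sorted(hits)


def apply_modes(root):
    """Set DIR_MODE on every directory and FILE_MODE on every regular file."""
    os.chmod(root, DIR_MODE)
    for dirpath, dirs, files in os.walk(root):
        for name in dirs:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                os.chmod(path, DIR_MODE)
        for name in files:
            path = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(path).st_mode):
                os.chmod(path, FILE_MODE)


def demo():
    """Build a constructed tree with a naive recursive g+s, audit, then repair."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "files"))
        script = os.path.join(root, "files", "tool.sh")
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\n")
        # Naive recursion: the setgid bit lands on the executable file too.
        os.chmod(script, 0o750 | stat.S_ISGID)
        before = [os.path.relpath(p, root) for p in find_setgid_files(root)]
        apply_modes(root)
        after = find_setgid_files(root)
        dir_mode = stat.S_IMODE(os.stat(os.path.join(root, "files")).st_mode)
        file_mode = stat.S_IMODE(os.stat(script).st_mode)
        return before, after, dir_mode, file_mode
```

Running `find_setgid_files` alone against a managed tree gives a read-only check for files that picked up the bit from a recursive mode.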