Enforcing hashed home directory permissions with puppet

configuration-management puppet

Home directories in our environment are hashed using the first two letters of a username. For example, the home directory for user lars is /home/l/a/lars.

I would like to use puppet to enforce mode 0700 permissions on the user home directories, but I'm not sure how to target the home directories. Essentially I would like to do this:

chmod 700 /home/*/*/*

In the absence of hashing this would be easy (using for example recurse and recurselimit), but the hashing has left me looking for a solution.

UPDATE: I am not looking to enumerate our users in puppet (because home directories are created as part of our account management process).

While thinking about this I've also become more muddled. Even if our home directories weren't hashed, how would I get puppet to apply permissions to the contents of a directory without affecting the top directory itself? I was thinking of something like this:

file { '/home':
  ensure       => directory,
  mode         => '0700',
  recurse      => true,
  recurselimit => 1,
}

But this would apply the mode to both /home and its immediate contents. Mode 700 on /home/lars is fine. Mode 700 on /home is a big problem. Is this even possible?

Best Answer

It seems you've faced one of the limitations of Puppet. I'd just write a shell script that would do it.

Another possible solution might be to write a plugin for Puppet which would allow you to use a new datatype (say, file_wildcard) or something like that. It should be possible to write one in Ruby, but I've never done that.
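The shell-script approach suggested in the answer, written out as an added example (not code from the original posts). It assumes the /home/l/a/lars layout from the question; the function name enforce_home_modes and its base-directory argument are made up for illustration.

```shell
#!/bin/sh
# Enforce mode 0700 on hashed home directories laid out as
# BASE/<1st letter>/<2nd letter>/<username>, e.g. /home/l/a/lars.
# enforce_home_modes and its BASE argument are names made up for this example.

enforce_home_modes() {
    base=${1:-/home}
    # The glob matches exactly three levels below BASE, so BASE itself and
    # the two hash levels keep their own modes.
    for dir in "$base"/?/?/*; do
        # Real directories only: skip files, unmatched globs and symlinks
        # (chmod would follow a symlink and change its target).
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then
            continue
        fi
        # Skip anything whose name does not start with its two hash letters.
        name=${dir##*/}
        parent=${dir%/*}
        l2=${parent##*/}
        parent=${parent%/*}
        l1=${parent##*/}
        case $name in
            "$l1$l2"*) ;;
            *) echo "skipped, not a hashed home: $dir" >&2
               continue ;;
        esac
        # Change and report only directories that are not already 0700.
        if [ -n "$(find "$dir" -prune ! -perm 700)" ]; then
            chmod 700 "$dir"
            echo "$dir"
        fi
    done
    return 0
}
```

Calling enforce_home_modes /home prints one line per directory it had to change, so an empty output means every home directory was already 0700.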