[[chef-dev]] CHEF-1621 - "recursive" attribute on "directory" resource does not apply users and groups to entire path

Chronological Thread 
  • From: Thomas Bishop < >
  • To:
  • Subject: [[chef-dev]] CHEF-1621 - "recursive" attribute on "directory" resource does not apply users and groups to entire path
  • Date: Sat, 2 Oct 2010 16:22:31 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; b=GvA2zaC8XccIcMWi7y1TPAEE4P7iK+a2Do3WjJE8DkTs6X2Y640xxWAB+ZqeOnPbDS aPy6Qu/rKrnBZ5OPsDfN5TpnJJIsLe6neVd3c9x8cbR6huth//DbT1a7PalmfzrXziKE vADyPSP4z8YHxLAfrmVX3xNavocwC3X7D6Wic=

Hi folks,

I was discussing this ticket with Dan DeLeo on irc and we thought it
would be a good idea to get feedback from a larger audience.

Have a look at the example at http://tickets.opscode.com/browse/CHEF-1621.

The user was expecting:

777 ldm:ldm /data
777 ldm:ldm /data/realtime
777 ldm:ldm /data/realtime/fetched
777 ldm:ldm /data/realtime/fetched/radar

Here's what chef did:

755 root:root /data
755 root:root /data/realtime
755 root:root /data/realtime/fetched
777 ldm:ldm /data/realtime/fetched/radar

The current chef behavior makes sense to me.  Here are a couple of reasons 

1.  As the directory being defined is /data/realtime/fetched/radar, I
would not expect chef to touch the ownership or permissions on
anything above it.  I would however expect chef to create the required
parent directories if they did not exist in order to satisfy the
desired state.

2.  If chef modified the permissions/ownership for the entire
structure, this could have adverse effects if there were additional
directories defined under /data, or /data/realtime or
/data/realtime/fetched.  If /data/foo existed for example.  In my
opinion, this would be counterintuitive behavior.

I agree with the ticket submitter that the docs aren't 100% clear on
this and should probably be updated.

I would love to hear additional thoughts on this.


Archive powered by MHonArc 2.6.16.