Thanks Den, You're right of course. I think I'll go down that route but still set uid/gid in the manifest and use a log watcher to alert me whenever puppet changes a user or group id. That way I know my users are all good and don't gave to do pre-change audits and just deal with anomalies as they turn up manually.
SteveC On 13 Apr 2011, at 00:23, Denmat <tu2bg...@gmail.com> wrote: > Hi, > > This sounds like a once change as you implement puppet, right? I don't > imagine you want to run that as part of a manifest. > > What I would do is get a current list of uid numbers for your users and after > running puppet on your hosts for the first time, run a find searching on the > uid number and issue an chown as it finds them to the uid number. > > Be easier and possibly more thorough than doing it in puppet or by searching > logs. > > Cheers, > Den > On 12/04/2011, at 22:13, scarts <stephenandmi...@me.com> wrote: > >> If I create a user resource and specify UID and a group resource and >> specify GID where the user and group may or may not already exist, in >> the case where the user or group does exist would it be best practice >> to: >> >> 1) Have puppet change the uid/gid values, then post this change, trawl >> through logs to find old & new uid/gid values and manually run find to >> recursively change files and directories outside the users home >> directory, or >> >> 2) Use some type of exec to trigger on user/group resource refesh only >> to run the same thing automatically? >> >> I'm in two minds, in that the second option means I don't have to do >> anything manually but I also wouldn't want the exec triggered if I >> just change something like the user comment for example. >> >> If an exec is okay to use in these cases, then how would I get the >> 'old' uid/gid value into a puppet variable before I make the change, >> as I would need to know this in order to run the chown/chgrp >> automatically. >> >> Thanks for your time. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
