Clockwork

res_dir(5)

NAME

res_dir - Clockwork Resource Type for system directories

DESCRIPTION

The res_dir resource gives administrators a way to manage the presence of directories and the permissions on them.

ATTRIBUTES

path

The path (from the client's point of view) to the directory to be managed.

owner

The name of the user who should own the directory.

group

The name of the group who should own this directory.

mode

The permissions set for this directory. THe value must be specified in octal notation, i.e. 0750 for rwxr-x---.

EXAMPLES

Basic Usage

The following policy configuration would create /srv/www, and make it readable, writable and traversable by the apache user (for running Apache) and the web group (people who manage the code and content of web sites).

dir "/srv/www" {
    owner: "apache"
    group: "web"
    mode:  "0775"
}

DEPENDENCIES

Directory resources implicitly create the following dependencies:

User Owner (owner)

If the owner attribute is specified, the directory resource will depend on the existence of that user. This is designed to ensure that directories are owned by valid system users.

Group Owner (group)

If the group attribute is specified, the directory resource will depend on the existence of that group. This is designed to ensure that directories are owned by valid system groups.

Parent Directories

Missing directories in between the directory path and the root (/) will be created if necessary (for existant resources). By default, these parent directories will be owned by root:root with mode 0755. However, if the policy defines other directory resources with matching paths, they will be marked as dependencies.

An example should clear up any confusion:

dir "/u/apps" {
    owner: "webmaster"
    group: "web"
    mode:  0755
}

dir "/u/apps/test.example.net" {
    owner: "apache"
    group: "web"
    mode:  0775
}

If the above policy was enforced on a host without the /u directory, the following would happen (in order):

1. Create /u, per defaults (root:root; 0755)
2. Create /u/apps, per policy (webmaster:web; 0755)
3. Create /u/apps/test.example.net, per policy (apache:web; 0775)

AUTHOR

Clockwork was designed and written by James Hunt.

The Clockwork website is licensed under the Creative Commons Attribution-NoDerivs 3.0 United States License