Do not manage owner and group if user is allowed to SSH/SFTP

this is to allow root owned home for a chroot use ACLs to manually grant "r-x" to user_ftp and httpd_user
descala · Feb 12, 2015 · 85d3ae3 · 85d3ae3
1 parent 07be5b2
commit 85d3ae3
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/puppet/modules/webserver1/manifests/domain.pp b/puppet/modules/webserver1/manifests/domain.pp
@@ -44,13 +44,29 @@
     # removed common::mysql::database::backup, we are doing it in backup.sh.erb now
   }
 
-  file {
-    "/var/www/${name}":
+  # Do not manage owner and group if user is allowed to SSH
+  # this is to allow root owned home for a chroot
+  # use ACLs to manually grant "r-x" to user_ftp and httpd_user
+  if $shell != $nologin {
+    file {
+      "/var/www/${name}":
+      ensure  => directory,
+      mode    => '0550',
+      require => Package[$::httpd];
+    }
+  }
+  else {
+    file {
+      "/var/www/${name}":
       ensure  => directory,
       owner   => $user_ftp,
       group   => $::httpd_user,
       mode    => '0550',
       require => Package[$::httpd];
+   }
+  }
+
+  file {
     "/var/www/$name/readme.txt":
       group => $user_ftp,
       mode => 750,