Fix multi-user configuration for brew about puppet-homebrew HOT 6 CLOSED

will also try to add any permissions that need to be re-checked to allow systems with a brew already installed to become managed and multi-user.

from puppet-homebrew.

Looks like an impossible task to achieve cleanly with Puppet. Every time I set the proper permissions which require a recuse over all homebrew files, brew itself as part of the doctor or update, which pulls back from the git repo, restores their original permissions making puppet on the next run change them over and over again.

This is not ideal, I'm wondering if we should just check the core files and folders needed and change their permissions with an exec instead of a file statement to make it easier, quicker and shorter to write. Otherwise we can only ask the core brew maintainers to set the default permissions to allow group access and execution already on their Github repo or change the unmask of the user to make files available to the group by default which is not a good security practice.

Another thing to keep in mind is that the installed applications are not given group permissions so only the owner can uninstall/update them. With the actual setup not even the admins can without using sudo.

I start to see why people try to avoid brew as a "enterprise" software manager tool and leave it to the user for their personal enjoyment which is a shame.

from puppet-homebrew.

If it's that complex, I'm tempted to avoid the issue. After all, brew itself recommends against this approach in favor of brew-specific user accounts (see the last paragraph in that section... linking is hard :P).

A few other thoughts:

• would setting the user umask before the homebrew install and then resetting it after work?
• if we made it an exec rather than a file, wouldn't that still be reset on the next doctor/update anyway, only this time without this module at least attempting to fix it?
• re "enterprise": I can't say I've ever heard OSX referred to as a go-to for enterprise stability and guaranteed correctness across managed systems. Apple's SIP etc seems to be trying to move it even further away from being easily usable in that sort of mode -- I don't blame brew here, there's not much they can do to get around that without making it unusable for the average single-user setup.

from puppet-homebrew.

Got it working on brand new machines by using ACLs to inherit permissions from parents. I need now to make it work if someone wants to move from single-user to multi-user setup.
Here my testing branch: https://github.com/improbable-io/puppet-homebrew/tree/fix-multiuser

from puppet-homebrew.

This should be fixed by #89 and will not break or affect anyone using the single-user/default mode.

from puppet-homebrew.

Fixed in #89 (released in v1.8.0)

from puppet-homebrew.