Comments (6)
will also try to add any permissions that need to be re-checked to allow systems with a brew already installed to become managed and multi-user.
from puppet-homebrew.
Looks like an impossible task to achieve cleanly with Puppet. Every time I set the proper permissions, which require a recurse over all homebrew files, brew itself, as part of the `doctor` or `update`, which pulls back from the git repo, restores their original permissions, making puppet on the next run change them over and over again.
This is not ideal. I'm wondering if we should just check the core files and folders needed and change their permissions with an `exec` instead of a `file` statement to make it easier, quicker and shorter to write. Otherwise we can only ask the core brew maintainers to set the default permissions to allow group access and execution already on their GitHub repo, or change the umask of the user to make files available to the group by default, which is not a good security practice.
Another thing to keep in mind is that the installed applications are not given group permissions, so only the owner can uninstall/update them. With the actual setup not even the admins can without using `sudo`.
I start to see why people try to avoid brew as an "enterprise" software manager tool and leave it to the user for their personal enjoyment, which is a shame.
from puppet-homebrew.
If it's that complex, I'm tempted to avoid the issue. After all, brew itself recommends against this approach in favor of brew-specific user accounts (see the last paragraph in that section... linking is hard :P).
A few other thoughts:
- would setting the user umask before the homebrew install and then resetting it after work?
- if we made it an `exec` rather than a `file`, wouldn't that still be reset on the next `doctor`/`update` anyway, only this time without this module at least attempting to fix it?
- re "enterprise": I can't say I've ever heard OSX referred to as a go-to for enterprise stability and guaranteed correctness across managed systems. Apple's SIP etc seems to be trying to move it even further away from being easily usable in that sort of mode -- I don't blame brew here, there's not much they can do to get around that without making it unusable for the average single-user setup.
from puppet-homebrew.
Got it working on brand new machines by using ACLs to inherit permissions from parents. I need now to make it work if someone wants to move from single-user to multi-user setup.
Here's my testing branch: https://github.com/improbable-io/puppet-homebrew/tree/fix-multiuser
from puppet-homebrew.
This should be fixed by #89 and will not break or affect anyone using the single-user/default mode.
from puppet-homebrew.
Fixed in #89 (released in v1.8.0)
from puppet-homebrew.
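The permission drift discussed in this thread (modes reset after `brew update`/`doctor`, so the managing group loses write access) can be measured before choosing between a `file` or `exec` fix. The following is an added example, not code from the thread or from the puppet-homebrew module: a read-only audit of a shared prefix that checks POSIX mode bits and group ownership only (not ACL entries); the function names, finding labels and sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_shared_prefix(prefix, gid):
    """Map each entry under prefix to the reasons it breaks group-shared use."""
    findings = {}
    for root, dirs, files in os.walk(prefix):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not what access checks use
            problems = []
            if st.st_gid != gid:
                problems.append("wrong-group")
            if not st.st_mode & stat.S_IWGRP:
                problems.append("no-group-write")
            if stat.S_ISDIR(st.st_mode) and not st.st_mode & stat.S_IXGRP:
                problems.append("no-group-search")
            if st.st_mode & stat.S_IWOTH:
                problems.append("world-writable")  # the over-correction to avoid
            if problems:
                findings[os.path.relpath(path, prefix)] = problems
    return findings

def demo():
    """Audit a constructed tree whose modes mimic a checkout done under umask 022."""
    layout = {  # constructed sample: relative path -> (is_dir, mode)
        "Library": (True, 0o775),
        os.path.join("Library", "ok.rb"): (False, 0o664),
        os.path.join("Library", "reset.rb"): (False, 0o644),
        "Cellar": (True, 0o755),
        "open.txt": (False, 0o666),
    }
    with tempfile.TemporaryDirectory() as prefix:
        for rel, (is_dir, mode) in layout.items():
            path = os.path.join(prefix, rel)
            if is_dir:
                os.mkdir(path)
            else:
                open(path, "w").close()
            os.chmod(path, mode)
        gid = os.lstat(os.path.join(prefix, "Library")).st_gid
        return audit_shared_prefix(prefix, gid)

if __name__ == "__main__":
    for rel, problems in sorted(demo().items()):
        print(rel, ", ".join(problems))
```

Running the audit before and after a `brew update` shows exactly which paths a Puppet run would have to touch again.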