I noticed in the puppet repo README there are three commands that have to be run manually because Puppet does not have native support for ACLs. What about using the exec type as a work around for setting the ACLs? Something like exec { 'file-managed-by-puppet': command => '/usr/bin/setfacl -m u:someuser:r /some/file/location', unless => '/usr/bin/getfacl --absolute-names /some/file/location | grep user:someuser:r--', notify => Service['someservice'], require => File['/some/file/location'], }
Attachment:
signature.asc
Description: This is a digitally signed message part