Check permissions on directory before an action


#1

Greetings!

For an cookbook I'm creating, I have a recipe for both installing and upgrading.

In the install recipe I'm creating a directory and set some permissions:
directory directory do
owner user
group group
mode 0755
recursive true
action :create
end

In the upgrade recipe I need to check if the permissions is still the same. What would be the best way to check the permissions of a folder in Chef? (Note: for Centos/RHEL).

I plan to check the permissions in the start of the recipe, as this will need to be investigated if there is a mismatch. It would also be nice to return a custom error message if the permission have changed.

Thanks in advance!


#2

You can always check permissions and log a message in the cookbook.

But to see if things need changing we always just run chef-client -W (why run).

While not changing anything it reports anything it would change.


#3

I don't really get why you would want to check the permissions. One of the key concepts of Chef is idempotency, which means that you can run the directory block as often as you want and the outcome will always be the same.
So what you should to is having this directory block in some recipe outside the installation, one that is run before the install and upgrade and you will be good to go, no matter what.


#4

The hard, chef specific way is to set a flag based on a shell based test, and run the chef procedure based on that property. The more straightforward is to write the test and action in shell from the start.

It is a violation of the chef paradigm, of writing a "archetypal state that you intend to be in, and letting chef create that canonical state irrelevant of the current condition".