SaltStack: Change linux ACLs for /home/*/input/

Question

There are roughly 30 users and 30 directories with this structure on a SaltStack minion:

/home/user1/input/
/home/user2/input/
/home/user3/input/
/home/user4/input/
...

I know how to change the linux ACLs for a single file via salt. In this example user "foo" gets read access:

home_user1_input_readable:
  acl.present:
    - name: /home/user1/input
    - acl_type: user
    - acl_name: foo
    - perms: r

Source: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.linux_acl.html

But how can I do this for N users?

With other word: Is there a way to do globbing here?

score 2 · Accepted Answer · answered Oct 19 '17 at 09:13

If you have a known users list, you may want to use a loop:

{% for user in users %}
home_{{ user }}_input_readable:
  acl.present:
    - name: /home/{{ user }}/input
    - acl_type: user
    - acl_name: foo
    - perms: r
{% endfor %}

If you don't have it, you can get it from the minions with:

{% set users = salt['user.list_users']() %}

Then loop for all users having a input directory with something like:

{% for user in users %}
{%   set userdef = salt['user.info'](user) %}
{%   if salt['file.directory_exists'](userdef.home + '/input') %}
home_{{ user }}_input_readable:
  acl.present:
    - name: /home/{{ user }}/input
    - acl_type: user
    - acl_name: foo
    - perms: r
{%   endif %}
{% endfor %}

`salt['user.list_users']` was new to me. Here are the docs: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pw_user.html#salt.modules.pw_user.list_users — guettli, Oct 24 '17 at 11:03

SaltStack: Change linux ACLs for /home/*/input/

1 Answers1

Linked