remove incorrect checker for acl command
in case of empty mask (---), there is possibility of block effective permissions for adm group
so , there are 2 ways:
1) change unless checker:
- unless: "getfacl /var/log/|grep default:group:adm && getfacl /var/log/|grep mask::r"
2) remove this checker
IMO:
1) bad code-style
2) better solution for me, because imo, this checker is redundant, because:
- setfacl command doesnot return non-zero exit code due reapplying
- setfacl command doesnot need much time or cpu/memory resources, so wrapping is redundant
related bug:
https://mirantis.jira.com/browse/PROD-16772
p.s. take a look on comments in above bug. It contains all investigating process
Change-Id: If095e024e64db688b7c67d32463efc843b3bf6d5
diff --git a/heka/_common.sls b/heka/_common.sls
index fc1a651..61646ab 100644
--- a/heka/_common.sls
+++ b/heka/_common.sls
@@ -43,7 +43,6 @@
heka_acl_log:
cmd.run:
- name: "setfacl -R -m g:adm:rx /var/log; setfacl -R -d -m g:adm:rx /var/log"
- - unless: "getfacl /var/log/|grep default:group:adm"
hekad_process:
process.absent:
diff --git a/heka/server.sls b/heka/server.sls
index 888f04c..562dbe3 100644
--- a/heka/server.sls
+++ b/heka/server.sls
@@ -51,7 +51,6 @@
heka_acl_log:
cmd.run:
- name: "setfacl -R -m g:adm:rx /var/log; setfacl -R -d -m g:adm:rx /var/log"
- - unless: "getfacl /var/log/|grep default:group:adm"
heka_service:
service.running: