Fix changing permissions on /var/log
Change-Id: I7f88dcd4adc8b92a0dfedcd62566c7e650d355dd
Related-Prod: PROD-21728
diff --git a/heka/_common.sls b/heka/_common.sls
index 61646ab..e37dc7f 100644
--- a/heka/_common.sls
+++ b/heka/_common.sls
@@ -40,9 +40,13 @@
- require:
- pkg: heka_packages
+heka_acl_log_dirs:
+ cmd.run:
+ - name: "find /var/log -type d -exec setfacl -m g:adm:rx '{}' \\; -exec setfacl -d -m g:adm:rx '{}' \\;"
+
heka_acl_log:
cmd.run:
- - name: "setfacl -R -m g:adm:rx /var/log; setfacl -R -d -m g:adm:rx /var/log"
+ - name: "find /var/log -type f -exec setfacl -m g:adm:r '{}' \\;"
hekad_process:
process.absent:
diff --git a/heka/server.sls b/heka/server.sls
index 562dbe3..0886558 100644
--- a/heka/server.sls
+++ b/heka/server.sls
@@ -48,9 +48,13 @@
- user: heka_user
{%- endif %}
+heka_acl_log_dirs:
+ cmd.run:
+ - name: "find /var/log -type d -exec setfacl -m g:adm:rx '{}' \\; -exec setfacl -d -m g:adm:rx '{}' \\;"
+
heka_acl_log:
cmd.run:
- - name: "setfacl -R -m g:adm:rx /var/log; setfacl -R -d -m g:adm:rx /var/log"
+ - name: "find /var/log -type f -exec setfacl -m g:adm:r '{}' \\;"
heka_service:
service.running: