SaltStack: Change linux ACLs for /home/*/input/

access-control-list saltstack

There are roughly 30 users and 30 directories with this structure on a SaltStack minion:

/home/user1/input/
/home/user2/input/
/home/user3/input/
/home/user4/input/
...

I know how to change the linux ACLs for a single file via salt. In this example user "foo" gets read access:

home_user1_input_readable:
  acl.present:
    - name: /home/user1/input
    - acl_type: user
    - acl_name: foo
    - perms: r

Source: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.linux_acl.html

But how can I do this for N users?

With other word: Is there a way to do globbing here?


If you have a known users list, you may want to use a loop:

{% for user in users %}
home_{{ user }}_input_readable:
  acl.present:
    - name: /home/{{ user }}/input
    - acl_type: user
    - acl_name: foo
    - perms: r
{% endfor %}

If you don't have it, you can get it from the minions with:

{% set users = salt['user.list_users']() %}

Then loop for all users having a input directory with something like:

{% for user in users %}
{%   set userdef = salt['user.info'](user) %}
{%   if salt['file.directory_exists'](userdef.home + '/input') %}
home_{{ user }}_input_readable:
  acl.present:
    - name: /home/{{ user }}/input
    - acl_type: user
    - acl_name: foo
    - perms: r
{%   endif %}
{% endfor %}

Related

VPN: ERROR: Linux route add command failed with status 2
How to set unix socket backlog with systemd?
Applying ownership patterns from another server
script works manually but not in cron job
Cannot access my webserver using its public address
How to set public hostname
HTAccess Directory Index with PHP-Files
Configuring nameserver per domain?
Varnish send while cache
Accessing phpmyadmin in Nginx directly from IP address (without a subdomain)
PHP-FPM status is empty
IP Address Alias