From b355a81311102e829270e3e798d327c6e7cc9df7 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 20 May 2008 20:08:35 +0000
Subject: Some backupninja module updates from anarcat:
Wed Apr 30 16:22:48 EDT 2008 anarcat@koumbit.org * remove read permissions on backup directory on group so that a sandbox user can't read other people's directories
Wed Apr 30 16:01:53 EDT 2008 anarcat@koumbit.org * default the sandbox host to local ($fqdn) and depend on the sandbox directory properly
Thu Mar 13 18:49:38 EDT 2008 anarcat@koumbit.org * create the backup directory along with the user
---
 manifests/server.pp | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/manifests/server.pp b/manifests/server.pp
index 40b2dca..34091d1 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -9,17 +9,27 @@ class backupninja::server {
 }
 file { "$backupdir":
 ensure => "directory",
- mode => 750, owner => root, group => "backupninjas"
+ mode => 710, owner => root, group => "backupninjas"
 }
 User <<| tag == "backupninja-$fqdn" |>>
+ File <<| tag == "backupninja-$fqdn" |>>
 # this define allows nodes to declare a remote backup sandbox, that have to
 # get created on the server
- define sandbox($host, $dir = false, $uid = false, $gid = "backupninjas") {
+ define sandbox($host = false, $dir = false, $uid = false, $gid = "backupninjas") {
+ $real_host = $host ? {
+ false => $fqdn,
+ default => $host,
+ }
 $real_dir = $dir ? {
 false => "${backupninja::server::backupdir}/$fqdn",
 default => $dir,
 }
+ @@file { "$real_dir":
+ ensure => "directory",
+ mode => 750, owner => $name, group => 0,
+ tag => "backupninja-$real_host",
+ }
 case $uid {
 false: {
 @@user { "$name":
@@ -30,8 +40,8 @@ class backupninja::server {
 managehome => true,
 shell => "/bin/sh",
 password => '*',
- require => [ Group['backupninjas'], File["/backup"] ],
- tag => "backupninja-$host"
+ require => Group['backupninjas'],
+ tag => "backupninja-$real_host"
 }
 }
 default: {
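Review bot: The exported `@@file { "$real_dir": ... owner => $name }` takes its path straight from the `$dir` parameter (or from `$fqdn` when `$dir` is unset), and the server realises it through `File <<| tag == "backupninja-$fqdn" |>>` with no check that the path lies below the backup root. A mistyped or untrusted `dir` value would make the backup server set mode 750 and owner `$name` on whatever directory is named, which undoes the isolation that the `mode => 710` change on `$backupdir` is meant to provide. I would have the define fail when `$dir` is not below `${backupninja::server::backupdir}`, and state the contract at the define, e.g. `# $dir is created on the backup server and owned by $name; it must stay below $backupdir`. The body of `sandbox` continues past the end of this hunk.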
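Review bot: The new `require => Group['backupninjas']` drops the dependency on the backup directory altogether instead of replacing the hard-coded `File["/backup"]`, so nothing orders the `managehome => true` user after the server's `file { "$backupdir": }` resource. If the user's home sits below `$backupdir` (the `home` attribute is outside this hunk, so this is an assumption), a first run on a fresh server can attempt to create the home before its parent directory exists. Keeping the dependency but pointing it at the managed resource would avoid that: `require => [ Group['backupninjas'], File["${backupninja::server::backupdir}"] ],`. The identical `require` line in the `default:` branch (hunk `-44,8 +54,8`) needs the same change.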
@@ -44,8 +54,8 @@ class backupninja::server {
 managehome => true,
 shell => "/bin/sh",
 password => '*',
- require => [ Group['backupninjas'], File["/backup"] ],
- tag => "backupninja-$host"
+ require => Group['backupninjas'],
+ tag => "backupninja-$real_host"
 }
 }
 }
--
cgit v1.2.3