Make recursivity optional

[vincentbernat]

Recursion can be disabled on a per-target basis. Just specifiy recurse => false. An example has been added.

See #20. This is not an ideal solution has we assume that recurse => no means no directory. Good enough for me.

[thias]

I see what your change does, but I can't seem to figure out when it can be useful. The example you added to the README includes two files, for which having the -R option is harmless and won't change anything.

Since my script also sets the default ACL, which will be applied for all new files created under directories to which the initial ACLs will be set, it's much more consistent to have it be recursive.

Do you have a real world scenario where you want to apply ACLs non-recursively to a directory? I'm very curious :smile:

[vincentbernat]

I want to give access to Puppet certificates to some selected users. Therefore, I want to apply ACL to /var/lib/puppet, /var/lib/puppet/ssl, /var/lib/puppet/ssl/private_keys and /var/lib/puppet/ssl/private_keys/hostname.pem. But I don't want to give access to /var/lib/puppet/clientbucket for example.

[tedwardia]

I have a similar use case where we need to set permissions on a directory, but not it's contents (doing so would be prohibitively IO intensive in our case).

It looks like there need to be some spaces in the 20.erb template file though (before the '-R' and '-m' flags), otherwise some of the options get mashed together.

e.g. This:

ACLOPTS[<%= f %>]+="<% if @recurse %>-R<% end %><% @permissions.flatten.each do |p| %> -m <%= p %><%if @recurse %>-m d:<%= p %><% end %><% end %>"

Should be:

ACLOPTS[<%= f %>]+="<% if @recurse %> -R<% end %><% @permissions.flatten.each do |p| %> -m <%= p %><%if @recurse %> -m d:<%= p %><% end %><% end %>"