Issue 2600 - Normalize ownership and priviliges for Nginx logs

modules/nginx/manifests/init.pp

Index: modules/nginx/manifests/init.pp
===================================================================
--- a/modules/nginx/manifests/init.pp
+++ b/modules/nginx/manifests/init.pp
@@ -119,6 +119,29 @@
     require => Package['nginx']
   }
 
+  $log_path = '/var/log/nginx'
+
+  $user_quoted = shellquote($nginx::params::user)
+  $chown_find_cmd_base = "find ${log_path} -mindepth 1 -maxdepth 1 -type f \( \! -user ${user_quoted} -o \! -group adm \)"
+  $chown_cmd = "$chown_find_cmd_base -ls -exec chown ${user_quoted}.adm {} \;"
+  $chown_onlyif_cmd = "test $(${chown_find_cmd_base} -print |wc -l) -gt 0"
+  exec {"set_logfiles_owner":
+    command => $chown_cmd,
+    onlyif => $chown_onlyif_cmd,
+    path => '/bin:/usr/bin',

[mathias, 2015/07/09 14:28:47]

Please use "/usr/bin:/bin".

+    require => Package['nginx'],
+  }
+
+  $chmod_find_cmd_base = "find ${log_path} -mindepth 1 -maxdepth 1 -type f \! -perm 0640"
+  $chmod_cmd = "$chmod_find_cmd_base -ls -exec chmod 0640 {} \;"
+  $chmod_onlyif_cmd = "test $(${chmod_find_cmd_base} -print |wc -l) -gt 0"
+  exec {"set_logfiles_permissions":
+    command => $chmod_cmd,   
+    onlyif => $chmod_onlyif_cmd,
+    path => '/bin:/usr/bin',

[mathias, 2015/07/09 14:28:47]

It may actually be easier to use a class-wide `Exec { path => "..." }` instead
of applying the aforementioned change twice.

+    require => Package['nginx'],
+  }
+
   service {'nginx':
     ensure => running,
     enable => true,