[09:34:03] <klausman>	 So how does one make sure a puppet-distributed script in ~/bin gets the x bit? 
[09:42:51] <Emperor>	 if you're using a file resource, you can set mode to something suitable
[09:44:02] <Emperor>	 [also, these days you want the mastodon bit, not the x bit ;p ]
[09:45:29] <Emperor>	 (e.g. 0755 for root rwx, group rx, other rx)
[09:45:30] <klausman>	 I was just dumping it in modules/admin/files/home/klausman/bin/
[09:45:42] <klausman>	 But git doesn't track permissions
[09:45:52] <Emperor>	 I think it does
[09:46:24] <klausman>	 https://gerrit.wikimedia.org/r/c/operations/puppet/+/1305053 mentions the x bit on my file, but puppet doesn't distribute it
[09:46:35] <Emperor>	 (or at least I've changed permissions in git before with the expected results, but I don't know if the code that does home-dirs has other settings)
[09:47:03] <_joe_>	 git does track permissions, but I don't think puppet's recurse => true does
[09:47:22] <_joe_>	 the documentation makes no promises about it
[09:48:58] <_joe_>	 specifically, I suspect that if the permissions on the directory are 750, that gets translated to 640 on the contained files
[09:49:06] <klausman>	 mhmmm
[09:53:00] <klausman>	 Still no joy :-/
[09:53:11] <_joe_>	 yeah that's what I told you
[09:53:31] <klausman>	 Oh, I completely misparsed that :)
[09:53:39] <_joe_>	 puppet does manage resources recursively and enforces the permissions on the contained files
[09:54:01] <_joe_>	 so what I do, which might have been a result of finding this out years ago, is to define shell functions instead
[09:54:57] <_joe_>	 see https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/refs/heads/production/modules/admin/files/home/oblivian/.bashrc
[09:55:30] <klausman>	 ack, will have a look
[09:55:53] <_joe_>	 puppet is opinionated, usually in the wrong way
[09:56:56] <_joe_>	 I keep thinking that making server config management tools smart wasn't a great idea. I enjoyed more using that "glorified tar+bash script" system that originated at google
[09:56:59] <_joe_>	 what was its name
[09:57:16] <_joe_>	 slack, I think?
[09:57:41] <klausman>	 Must've been before or after my time. While there, I only dealt with MSV
[09:57:53] <_joe_>	 I assume before
[09:57:59] <klausman>	 (Machine State Verification)
[09:59:47] <_joe_>	 the name already promises all the wrong things :)
[10:02:10] <klausman>	 Yeah, it was a beast. And its config file (master.rules) was one of the unholy trinity of "most dangerous files in prod"
[10:02:38] <klausman>	 The other two were borglet_config.borg and the borgmaster config
[10:03:02] <klausman>	 I had the dubious honor of being one of the two dozen people or so that had edited all three
[10:18:32] <claime>	 klausman: can I merge your change?
[10:18:40] <klausman>	 yes
[10:18:41] * Emperor giggles at alias please="sudo !!"
[10:19:49] <claime>	 I set up sudo to use `Defaults insults` in multiple past companies
[10:20:51] <Emperor>	 one of my colleagues at Fenland Polytechnic got the emails when people ran sudo on the public workstations.
[10:21:05] <klausman>	 It's way too hairy to hack without changing absh itself but I always wanted "somecommand, dammit" to the same as "sudo somecommand"
[10:21:35] <Emperor>	 Occasionally students realised it would be "funny" to do "sudo you smell" or equivalent. Said colleague would tend to summon them in for Words To Be Had
[10:22:11] <klausman>	 More recent versions of sudo on Debian don't send mails for that anymore (by default), I think
[10:22:25] <Emperor>	 (we did also sometimes have the "sudo really sorry didn't mean to do that" shortly afterwards)