permissions model

[mc0e]

The permissions set up by this module work fine if everything is owned and edited by the user and group of the web server process. That's typical for many shared web hosts, but I wouldn't have thought that's where puppet would be used.

On our server we have group based access for editing (requiring chmod g+w, and directories chmod g+s). we make appropriate directories group owned by www-data, and editors are also in that group. Of course other permissions modules are also likely.

Is it within the likely scope of this module to cater to alternative permissions modules, or should I be looking at forking the module?

I'm also concerned by puppet checking permissions on every run. This is a slow operation. Perhaps this should only happen on the initial installation. Besides running faster, that would also make the module more flexible for subsequently modifying the permissions scheme.