Issue #1806 has been updated by James Turnbull. Status changed from Ready for Testing to Needs design decision
Luke? Thoughts? Still no tests obviously but your feedback on the patch would be good. I'll send to the list for comment.

----------------------------------------
Bug #1806: supplementary groups are not reset
http://projects.reductivelabs.com/issues/1806

Author: Till Maas
Status: Needs design decision
Priority: Normal
Assigned to: Luke Kanies
Category: plumbing
Target version: 0.26.0
Complexity: Unknown
Affected version: 0.24.6
Keywords:

I noticed that puppetmasterd does not reset its supplementary groups when switching to a different user. Therefore, if puppetmasterd is started manually by root, e.g. with "service puppetmaster start" on Fedora or CentOS, then it keeps the supplementary groups. This may allow puppet to access files that it should not, i.e. files that are only readable by members of the group "root". Also it may lead to a situation where puppet cannot access a file, because it can be only accessed for users in a certain group, that is not the primary group of puppet.

Attached are two patches, the first fixes puppetmasterd itself. I copied it into an older release of puppet, where it worked. The second patch is completely untested.
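An added example (not code from Puppet or from the attached patches): a Ruby check for the condition the report describes, comparing the `Groups:` line of a Linux `/proc/<pid>/status` against the groups the service account is entitled to. The sample status text, uid/gid 52, gid 480 and all function names are constructed for illustration.

```ruby
require "etc"

# Constructed sample: a daemon that switched to uid/gid 52 but kept the
# supplementary groups of the root shell that started it.
SAMPLE_STATUS = <<~STATUS
  Name:\tpuppetmasterd
  Pid:\t4242
  Uid:\t52\t52\t52\t52
  Gid:\t52\t52\t52\t52
  Groups:\t0 1 2 3 4 6 10
STATUS

# Parse "Key:\tvalue value ..." lines into { "Key" => [values] },
# converting purely numeric values to integers.
def parse_status(text)
  fields = {}
  text.each_line do |line|
    key, value = line.chomp.split(":", 2)
    next if value.nil?
    fields[key] = value.split.map { |v| v.match?(/\A\d+\z/) ? v.to_i : v }
  end
  fields
end

# expected_groups: gids the account should hold (passed in so the check
# also works offline on captured status text).
#   :leftover - groups held but not expected (inherited from the parent)
#   :missing  - groups expected but not held (initgroups never ran)
def leftover_groups(status_text, expected_groups)
  f = parse_status(status_text)
  euid = f.fetch("Uid")[1]   # order is real, effective, saved, filesystem
  egid = f.fetch("Gid")[1]
  held = f.fetch("Groups", [])
  allowed = (expected_groups + [egid]).uniq
  { euid: euid, egid: egid,
    leftover: held - allowed,
    missing: expected_groups - held - [egid] }
end

# Live variant for a Linux host: derive the expected groups for `user`
# from the group database and audit a running process.
def audit_pid(pid, user)
  expected = [Etc.getpwnam(user).gid]
  Etc.group { |g| expected << g.gid if g.mem.include?(user) }
  leftover_groups(File.read("/proc/#{pid}/status"), expected.uniq)
end
```

A non-empty `:leftover` matches the first symptom in the report (access the account should not have); a non-empty `:missing` matches the second (access the account should have but lacks).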
