Issue #2451 has been updated by Trevor Vaughan.
I just responded to the thread and I feel that the default behaviour is correct for five nines of the cases out there. In the off chance that you absolutely need a strange directory that can't be traversed, the more secure option is to use POSIX extended ACLs, SELinux, or some other type of MAC overlay (GRSecurity, Solaris TE, whatever). Otherwise, I really don't see the point of not having the execute bit on a directory. I definitely see the point of not having the read or write bits, but if you're trying to protect a directory from everyone but root, just use Posix extended ACLs and make the mode 751. ---------------------------------------- Bug #2451: File type should support separate directory permissions http://projects.reductivelabs.com/issues/2451 Author: Larry Ludwig Status: Accepted Priority: Normal Assigned to: Category: file Target version: Complexity: Unknown Affected version: 0.24.8 Keywords: If you do: <pre> file { '/tmp/test': mode => '644', ensure => directory, } [r...@localhost manifests]# puppet resource_defaults.pp --verbose --debug debug: Creating default schedules debug: Failed to load library 'ldap' for feature 'ldap' debug: Finishing transaction -606516548 with 0 changes debug: //File[/tmp/test]: Changing mode debug: //File[/tmp/test]: 1 change(s) notice: //File[/tmp/test]/mode: mode changed '777' to '755' debug: Finishing transaction -605478848 with 1 changes </pre> The mode set it NOT correct it should be set to 644 for that folder. This is because of security reasons. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
