Issue #1806 has been updated by James Turnbull.

Till - can you rebase your latest patch please against master.
----------------------------------------
Bug #1806: supplementary groups are not reset
http://projects.reductivelabs.com/issues/1806

Author: Till Maas
Status: Ready for Testing
Priority: Normal
Assigned to: 
Category: plumbing
Target version: Rowlf
Affected version: 0.24.6
Keywords: 
Branch: 


I noticed that puppetmasterd does not reset its supplementary groups when 
switching to a different user. Therefore, if puppetmasterd is started 
manually by root, e.g. with "service puppetmaster start" on Fedora or CentOS, 
then it keeps the supplementary groups. This may allow puppet to access 
files that it should not, i.e. files that are only readable by members of 
the group "root". Also, it may lead to a situation where puppet cannot access 
a file because it can only be accessed by users in a certain group that is 
not the primary group of puppet.

Attached are two patches, the first fixes puppetmasterd itself. I copied it 
into an older release of puppet, where it worked. The second patch is 
completely untested.
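
The two symptoms in the report above (groups inherited from root that should be gone, and the account's own groups that were never picked up) can be checked by comparing a process's group list with the group database. This is an added Ruby example, not part of the issue or the attached patches; the function names, the `puppet` account's gids and the sample group lists are constructed assumptions.

```ruby
require 'etc'

# Gids an account is entitled to: its primary gid plus every group that lists
# it as a member. group_db is an array of [gid, [member names]] pairs and
# defaults to the system group database.
def entitled_gids(user, primary_gid, group_db = nil)
  group_db ||= [].tap { |db| Etc.group { |g| db << [g.gid, g.mem] } }
  member_of = group_db.select { |_gid, members| members.include?(user) }.map(&:first)
  ([primary_gid] + member_of).uniq.sort
end

# Compare the gids a process holds with what the account should hold.
#   :extra   inherited groups the account must not have (e.g. gid 0 from root)
#   :missing groups the account belongs to that the process never picked up
def group_drift(held_gids, user, primary_gid, group_db = nil)
  want = entitled_gids(user, primary_gid, group_db)
  { extra: (held_gids - want).sort, missing: (want - held_gids).sort }
end

# Drop root in the order that works: group list, then gid, then uid. Needs
# root; after the uid changes the process can no longer alter its groups.
def drop_privileges(user)
  pw = Etc.getpwnam(user)
  Process.initgroups(user, pw.gid) # replaces the list inherited from root
  Process::GID.change_privilege(pw.gid)
  Process::UID.change_privilege(pw.uid)
  drift = group_drift(Process.groups | [Process.egid], user, pw.gid)
  raise "group list not reset: #{drift}" unless drift.values.all?(&:empty?)
end

# Constructed sample: a "puppet" account (gid 52, also in group 993) in a
# daemon started from a root shell that switched gid/uid but kept root's groups.
SAMPLE_DB   = [[0, ['root']], [52, []], [993, ['puppet']]].freeze
SAMPLE_HELD = [52, 0, 1, 2, 3, 4, 6, 10].freeze

if __FILE__ == $PROGRAM_NAME
  p group_drift(SAMPLE_HELD, 'puppet', 52, SAMPLE_DB)
  p group_drift([52, 993], 'puppet', 52, SAMPLE_DB)
end
```

`drop_privileges` has to be called as root; `group_drift` can be run unprivileged against any process's observed group list.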


