Issue #1890 has been updated by Dan Bode.

Assigned to deleted (Andrew Shafer)
Affected version changed from 0.24.7 to 0.25.1

[r...@localhost ~]# puppetmasterd --version
0.25.1
[r...@localhost ~]#
[r...@localhost ~]# puppetmasterd --no-daemonize --verbose
warning: /File[/var/lib/puppet/yaml]/owner: Cannot manage ownership unless running as root
warning: /File[/var/log/puppet/masterhttp.log]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/rrd]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/bucket]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/reports]/owner: Cannot manage ownership unless running as root
notice: Starting Puppet server version 0.25.1
warning: /File[/var/lib/puppet/ssl]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/private_keys]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/private_keys/puppet.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/public_keys]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/public_keys/puppet.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/crl.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/private]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/certificate_requests]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/certs]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/certs/puppet.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/certs/ca.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/log/puppet]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/crl.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/public_keys]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/public_keys/puppet.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/certs]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/certs/puppet.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/certs/ca.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/ca_crt.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/ca_crl.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/signed]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/ca_key.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/serial]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/inventory.txt]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/ca_pub.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/requests]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/private]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/ca/private/ca.pass]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/certificate_requests]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/private]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/private_keys]/owner: Cannot manage ownership unless running as root
warning: /File[/var/lib/puppet/ssl/private_keys/puppet.pem]/owner: Cannot manage ownership unless running as root
warning: /File[/var/log/puppet]/owner: Cannot manage ownership unless running as root

----------------------------------------
Bug #1890: puppetmasterd initialization attempts to change ownership after it has dropped permissions
http://projects.reductivelabs.com/issues/1890

Author: micah -
Status: Closed
Priority: Normal
Assigned to:
Category: plumbing
Target version: 0.25.0
Affected version: 0.25.1
Keywords:
Branch:

The puppetmasterd runs with 'user=puppet' and 'group=puppet' by default, however it seems like there are some initialization things that happen with 0.24.7 that require root permissions, but happen after the root user/group privileges have been dropped to the puppet user:

<pre>
25 19:04:28 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[puppetmasterd]/File[/var/log/puppet/masterhttp.log]/owner) Cannot manage ownership unless running as root
Jan 25 19:04:28 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[puppetmasterd]/File[/var/lib/puppet/bucket]/owner) Cannot manage ownership unless running as root
Jan 25 19:04:28 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[rails]/File[/var/log/puppet/rails.log]/owner) Cannot manage ownership unless running as root
Jan 25 19:04:28 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[rails]/File[/var/log/puppet/rails.log]/group) change from root to puppet failed: failed to chgrp /var/log/puppet/rails.log to 102: Operation not permitted - /var/log/puppet/rails.log
Jan 25 19:04:28 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[puppetmasterd]/File[/var/lib/puppet/yaml]/owner) Cannot manage ownership unless running as root
Jan 25 19:04:28 puppetmaster puppetmasterd[14238]: Could not call: Got 1 failure(s) while initializing: change from root to puppet failed: failed to chgrp /var/log/puppet/rails.log to 102: Operation not permitted - /var/log/puppet/rails.log
Jan 25 19:04:41 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[puppetmasterd]/File[/var/log/puppet/masterhttp.log]/owner) Cannot manage ownership unless running as root
Jan 25 19:04:41 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[puppetmasterd]/File[/var/lib/puppet/yaml]/owner) Cannot manage ownership unless running as root
Jan 25 19:04:41 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[rails]/File[/var/log/puppet/rails.log]/owner) Cannot manage ownership unless running as root
Jan 25 19:04:41 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[rails]/File[/var/log/puppet/rails.log]/group) change from root to puppet failed: failed to chgrp /var/log/puppet/rails.log to 102: Operation not permitted - /var/log/puppet/rails.log
Jan 25 19:04:41 puppetmaster puppetmasterd[14238]: (/Settings[/etc/puppet/puppet.conf]/Settings[puppetmasterd]/File[/var/lib/puppet/bucket]/owner) Cannot manage ownership unless running as root
Jan 25 19:04:41 puppetmaster puppetmasterd[14238]: Could not call: Got 1 failure(s) while initializing: change from root to puppet failed: failed to chgrp /var/log/puppet/rails.log to 102: Operation not permitted - /var/log/puppet/rails.log
</pre>

These go away if I change puppetd.conf to have user=root, group=root, but puppetmaster should be able to continue to run as user puppet.
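
Added example, not part of the original report and not Puppet's own code: a pre-flight check that models the POSIX ownership rules behind the failures in the report above and lists the paths whose ownership has to be corrected while the daemon is still root. The struct, function names, sample file states and the puppet uid of 101 are assumptions made for illustration; gid 102 is the puppet group id shown in the log.

```ruby
# Which ownership fixes can still succeed after a daemon has dropped from
# root to a service account? POSIX rules modelled here:
#   - changing a file's owner needs root (CAP_CHOWN on Linux)
#   - changing its group is allowed for the file's owner, but only to a
#     group the process is a member of
FileState = Struct.new(:path, :uid, :gid)

PUPPET_UID = 101 # assumed value, not from the report
PUPPET_GID = 102 # gid from the "failed to chgrp ... to 102" log line

# Constructed sample state (hypothetical, not read from a real system).
SAMPLE = [
  FileState.new('/var/log/puppet/rails.log', 0, 0),             # root:root
  FileState.new('/var/lib/puppet/yaml', 0, PUPPET_GID),          # root:puppet
  FileState.new('/var/lib/puppet/bucket', PUPPET_UID, 0),        # puppet:root
  FileState.new('/var/lib/puppet/reports', PUPPET_UID, PUPPET_GID)
].freeze

# Returns :ok, :fixable (the current process can correct it) or :needs_root.
def ownership_verdict(file, euid:, groups:, want_uid:, want_gid:)
  return :ok if file.uid == want_uid && file.gid == want_gid
  return :fixable if euid.zero?
  return :needs_root if file.uid != want_uid # owner change needs root
  # Only the group is wrong: the owner may chgrp to one of its own groups.
  file.uid == euid && groups.include?(want_gid) ? :fixable : :needs_root
end

# Paths that must be fixed before privileges are dropped.
def preflight(files, euid:, groups:, want_uid:, want_gid:)
  files.select do |f|
    ownership_verdict(f, euid: euid, groups: groups,
                         want_uid: want_uid, want_gid: want_gid) == :needs_root
  end.map(&:path)
end

if __FILE__ == $PROGRAM_NAME
  blocked = preflight(SAMPLE, euid: PUPPET_UID, groups: [PUPPET_GID],
                              want_uid: PUPPET_UID, want_gid: PUPPET_GID)
  puts 'must be fixed as root before dropping privileges:'
  blocked.each { |path| puts "  #{path}" }
end
```

Running the same check with euid 0 returns an empty list, which is the ordering the bug title asks for: ownership is settled first, privileges are dropped afterwards.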
