[Puppet - Bug #4192] Puppet changes permissions on /var/run, causing security spam every night from OpenBSD

[tickets]

Issue #4192 has been updated by Joe McDonagh.


This is getting more and more annoying, I looked at the code and removed 
managing rundir from it, because I can't think of a good reason to manage this 
directory anyways. Here is the patch.

<pre>
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index 318ff41..7431b0d 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -24,11 +24,6 @@ module Puppet
         this directory can be removed without causing harm (although it
         might result in spurious service restarts)."
     },
-    :rundir => {
-      :default => Puppet.run_mode.run_dir,
-      :mode => 01777,
-      :desc => "Where Puppet PID files are kept."
-    },
     :genconfig => [false,
       "Whether to just print a configuration to stdout and exit.  Only makes
       sense when used interactively.  Takes into account arguments specified
</pre>
----------------------------------------
Bug #4192: Puppet changes permissions on /var/run, causing security spam every 
night from OpenBSD
http://projects.puppetlabs.com/issues/4192

Author: Joe McDonagh
Status: Investigating
Priority: Normal
Assigned to: Matt Robinson
Category: 
Target version: Statler
Affected version: 0.25.4
Keywords: 
Branch: 


Puppet wants /var/run to be mod 1777 on OpenBSD, but it's mod 755:

<pre>
debug: /File[/var/run]: Changing mode
debug: /File[/var/run]: 1 change(s)
debug: /File[/var/run]/mode: mode changed '755' to '1777'
</pre>

I'm not really certain why puppet cares about that folder's permissions. 
Someone on IRC claimed this didn't happen on Linux, however on my Linux boxes 
my /var/run is mod 1777.

The end result of this is that the security reports from OpenBSD come in every 
night, when they should only be coming in when there is a security problem.




-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to puppet-b...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-bugs+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.