Issue #4540 has been reported by Alan Barrett.
----------------------------------------
Bug #4540: exec with "user => ..." without "group => ..." should use group from
getpwnam()
http://projects.puppetlabs.com/issues/4540
Author: Alan Barrett
Status: Unreviewed
Priority: Normal
Assigned to:
Category:
Target version:
Affected version:
Keywords:
Branch:
When an exec resource specifies a different user, but does not explicitly
specify a different group, then puppet runs the command with the uid associated
with the specified user, but with the gid and the additional group list
associated with the puppet process.
I expected it to look up the user name using getpwnam() or equivalent, use both
the uid and gid from the result, and also set the supplementary group list
using initgroups(), but it's actually setting only the uid, and leaving the
other values unchanged. The source code does contain a call to initgroups,
but the second arg is the process's gid instead of the target user's gid, and
the result from initgroups seems to be ignored.
After running this manifest:
<pre>
exec { "/usr/xpg4/bin/id >/tmp/puppet-id-test 2>&1",
user => "puppet",
}
</pre>
the /tmp/puppet-id-test file contains a line like this:
<pre>
uid=99(puppet) gid=1(other) groups=0(root),2(bin),3(sys),[...]
</pre>
(where the "gid" and "groups" values are identical to what I see in the shell
that is used to run the test).
I would like the result to look more like this:
<pre>
uid=99(puppet) gid=99(puppet) groups=[any relevant supplementary groups]
</pre>
(where gid 99 comes from the /etc/passwd entry for user puppet, and the
supplementary groups come from /etc/group entries that mention user puppet).
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
