Issue #4253 has been updated by James Turnbull. Affected version set to 0.25.5
---------------------------------------- Bug #4253: puppetmaster started in a non accessible directory for the puppet user causing problems http://projects.puppetlabs.com/issues/4253 Author: Peter Meier Status: Needs design decision Priority: Normal Assignee: James Turnbull Category: file Target version: Statler Affected version: 0.25.5 Keywords: Branch: http://github.com/nicklewis/puppet/tree/ticket/2.6.x/4253 running the following code: <pre> file{"/etc/motd": content => generate("/opt/bin/motd_gen.sh", "${hostname}", "${motd_message}"), owner => root, group => 0, mode => 0644; } </pre> Where @/opt/bin/motd_gen.sh@ has the follwing content: <pre> #!/bin/sh /usr/bin/figlet $1 /bin/echo -e "$2" </pre> causes the following problem if puppet is run from a directory (like /root), that the puppet user (to which puppet master drops its privileges) doesn't have access to: <pre> # pwd /root # puppet master --config /srv/puppet/etc/puppet.conf --no-daemonize --masterport 8141 --verbose --debug --trace [...] /usr/lib/ruby/site_ruby/1.8/puppet/parser/compiler.rb:21:in `compile' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/catalog/compiler.rb:77:in `compile' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:175:in `benchmark' /usr/lib/ruby/gems/1.8/gems/activesupport-2.2.2/lib/active_support/core_ext/benchmark.rb:8:in `realtime' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:174:in `benchmark' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/catalog/compiler.rb:75:in `compile' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/catalog/compiler.rb:34:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:193:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:50:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:101:in `do_find' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:68:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:68:in `process' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick/rest.rb:23:in `service' /usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service' /usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:45:in `listen' /usr/lib/ruby/1.8/webrick/server.rb:173:in `call' /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:95:in `start' /usr/lib/ruby/1.8/webrick/server.rb:92:in `each' /usr/lib/ruby/1.8/webrick/server.rb:92:in `start' /usr/lib/ruby/1.8/webrick/server.rb:23:in `start' /usr/lib/ruby/1.8/webrick/server.rb:82:in `start' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `new' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:127:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:142:in `start' /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:125:in `start' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:114:in `main' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:46:in `run_command' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:301:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:398:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:301:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:55:in `execute' /usr/bin/puppet:4 err: Permission denied - /root at /srv/puppet/development/modules/public/motd/manifests/client.pp:4 on node foo.bar.ch </pre> running @puppet master@ from a directory like @/tmp@ works fine. Imho puppet shouldn't leak the CWD to its subprocesses, especially if they're not accessible to them. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
