Issue #4964 has been updated by Stefan Schulte.
I haven't found out where puppet actually creates its directory, but
`puppet/util.rb` has a function `recmkdir(dir,mode = 0755)` which calls
`Dir.mkdir(File.join(path), mode)` to create a directory. After a few tests I
found out that `Dir.mkdir` will always subtract the umask, so
`ruby -e 'Dir.mkdir("/tmp/test",0775)'` will create a directory with
mode = 700 when umask is set to 077.
So one solution would be to create the certificates as root (bypassing the
whole issue) or explicitly call `File.chmod(mode,dir)` to ensure that the
puppet user can operate under `/etc/puppet`.
----------------------------------------
Bug #4964: wrong mode for directory /etc/puppet
http://projects.puppetlabs.com/issues/4964
Author: Stefan Schulte
Status: Unreviewed
Priority: Normal
Assignee:
Category: agent
Target version:
Affected version: 2.6.1
Keywords:
Branch:
When I first start Puppet on a new node (2.6.1) I get the following error when
umask is set to 077:
err: Could not request certificate: Could not write
/etc/puppet/ssl/private_keys/XX.pem to privatekeydir: Permission denied -
/etc/puppet/ssl/private_keys/XX.pem
The puppet agent creates /etc/puppet with root:sys (on HP-UX) and
/etc/puppet/ssl with ownership set to puppet:sys. It looks like puppet tries to
create the certificate /etc/puppet/ssl/private_keys/XX.pem as the user puppet.
But that cannot work when /etc/puppet doesn't allow others to traverse that
directory (in my case it was created as rwx------).
So when puppet creates /etc/puppet it should look for the correct rights (e.g.
755).
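The umask behaviour discussed in this issue, as an added Ruby example that is not part of the original notification and is not Puppet's code: `Dir.mkdir` has the umask applied to its mode, while a following `File.chmod` does not. The helper names `mkdir_exact`, `perms`, `others_can_traverse?` and `demo` are hypothetical, and everything is created under a temporary directory rather than `/etc/puppet`.

```ruby
require 'tmpdir'
require 'pathname'

# Permission bits of a path (e.g. 0700), without the file-type bits.
def perms(path)
  File.stat(path).mode & 0777
end

# True when users other than owner/group may pass through the directory,
# which is what the puppet user needs on a root-owned parent.
def others_can_traverse?(path)
  (perms(path) & 0001) != 0
end

# Hypothetical recursive mkdir: create each missing component, then chmod
# it so the resulting mode does not depend on the caller's umask.
def mkdir_exact(dir, mode = 0755)
  created = []
  Pathname.new(dir).descend do |p|
    next if p.directory?
    Dir.mkdir(p.to_s, mode)   # effective mode is mode & ~umask
    File.chmod(mode, p.to_s)  # chmod is not filtered by the umask
    created << p.to_s
  end
  created
end

# Create one directory with plain Dir.mkdir and one with mkdir_exact
# under the given umask, and report the resulting modes.
def demo(umask = 0077)
  old = File.umask(umask)
  Dir.mktmpdir('umask-demo') do |base|
    plain = File.join(base, 'plain')
    Dir.mkdir(plain, 0755)
    fixed_parent = File.join(base, 'fixed')
    mkdir_exact(File.join(fixed_parent, 'ssl'), 0755)
    { plain: perms(plain), plain_traversable: others_can_traverse?(plain),
      fixed: perms(fixed_parent), fixed_traversable: others_can_traverse?(fixed_parent) }
  end
ensure
  File.umask(old) if old
end

if __FILE__ == $0
  demo.each { |k, v| puts "#{k}: #{v.is_a?(Integer) ? format('%04o', v) : v}" }
end
```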