Issue #5482 has been reported by Nick Fagerlund.
----------------------------------------
Bug #5482: fileserver.conf (as generated by Puppet) has inaccurate comments
https://projects.puppetlabs.com/issues/5482
Author: Nick Fagerlund
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version: 2.6.3
Keywords:
Branch:
On a basic install of Puppet, fileserver.conf says the following:
# Adapt the allow/deny settings to your needs. Order
# for allow/deny does not matter, allow always takes precedence
# over deny
This is incorrect! Unfortunately, the info in [the fileserver
docs](http://docs.puppetlabs.com/guides/file_serving.html) is _also_ incorrect,
so I'm rewriting that. In the meantime, I ran a bunch of tests, and here's what
I found actually gets done with allow and deny directives. In order:
* More specific trumps less specific
* IP trumps hostname
* Deny trumps allow
That is:
`deny *.magpie.lan` and `allow node1.magpie.lan` -- allowed.
`deny node1.magpie.lan` and `allow node1.magpie.lan` -- denied.
`deny node1.magpie.lan` and `allow 172.16.158.133` -- allowed.
`allow node1.magpie.lan` and `deny 172.16.158.133` -- denied.
`deny *.magpie.lan` and `allow 172.16.158.*` -- allowed.
The order of the directives doesn't matter, though, just like it said.
I suggest replacing the original comment in that default `fileserver.conf` with
the following:
# Adapt the allow/deny settings to your needs. The order of settings doesn't
# matter, and more specific rules override more general rules. If there's a
# conflict between equally specific rules, rules based on IP addresses will
# override rules based on hostnames; if there's still a conflict, the deny rule
# will override the allow rule.
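
The precedence described in this report can be modelled in a few lines of Ruby and checked against the five rule pairs above. This is an added example, not part of the original report and not Puppet's own code; `Rule`, `parse_rules` and `decide` are hypothetical names, and it assumes that "more specific" means an exact pattern versus a wildcard pattern and that a client matching no rule is denied.

```ruby
# Model of the allow/deny precedence observed in the report (not Puppet's code).
Rule = Struct.new(:action, :pattern) do
  # Patterns made only of digits, dots and "*" (with at least one digit) are IP rules.
  def ip?
    pattern.match?(/\A(?=.*\d)[\d.*]+\z/)
  end

  # Assumption: specificity is binary, exact pattern vs. wildcard pattern.
  def exact?
    !pattern.include?('*')
  end

  # IP rules are tested against the client IP, hostname rules against its name.
  def matches?(hostname, ip)
    subject = ip? ? ip : hostname.downcase
    glob = Regexp.escape(pattern.downcase).gsub('\*', '.+')
    subject.match?(/\A#{glob}\z/)
  end

  # Lower rank wins: exact before wildcard, IP before hostname, deny before allow.
  def rank
    [exact? ? 0 : 1, ip? ? 0 : 1, action == :deny ? 0 : 1]
  end
end

# Reads "allow <pattern>" / "deny <pattern>" lines, ignoring comments and blanks.
def parse_rules(text)
  text.each_line.map do |line|
    m = line.sub(/#.*/, '').strip.match(/\A(allow|deny)\s+(\S+)\z/)
    Rule.new(m[1].to_sym, m[2]) if m
  end.compact
end

# Returns :allow or :deny. Rule order never matters because the winner is
# chosen by rank. Assumption: no matching rule means :deny.
def decide(rules_text, hostname, ip)
  winner = parse_rules(rules_text).select { |r| r.matches?(hostname, ip) }.min_by(&:rank)
  winner ? winner.action : :deny
end

if __FILE__ == $PROGRAM_NAME
  # Rule pairs taken from the report; client is node1.magpie.lan / 172.16.158.133.
  [["deny *.magpie.lan", "allow node1.magpie.lan"],
   ["deny node1.magpie.lan", "allow node1.magpie.lan"],
   ["deny node1.magpie.lan", "allow 172.16.158.133"],
   ["allow node1.magpie.lan", "deny 172.16.158.133"],
   ["deny *.magpie.lan", "allow 172.16.158.*"]].each do |pair|
    puts "#{pair.join(' + ')} => #{decide(pair.join("\n"), 'node1.magpie.lan', '172.16.158.133')}"
  end
end
```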