Issue #5240 has been updated by Reid Vandewiele.
Markus Falb wrote: > Nigel Kersten wrote: > > It sounds like we're getting close to a consensus :) > > > > * If uid/gid are undefined, do not modify existing file. > > And possibly warn if uid/gid of the file does not match uid/gid of the > current Puppet process. > If the determination is made that the "right" way to use file resources is to have an explicit owner/group set, then a warning is warranted. But the warning should not be that a uid/gid doesn't match that of the current puppet process; it should be that a uid/gid isn't declared. The behavior wherein puppet would set the uid/gid of managed files to match the uid/gid of the source files seems to have been found by consensus to be a problem. Therefore it doesn't make sense to issue any warnings based on that behavior. To do so would be to effectively inject legacy debugging into puppet. Again though, making the assumption that it is "correct" to set uid/gid, it does make sense to issue a warning when managing a file where the uid/gid is not explicitely set. ---------------------------------------- Bug #5240: Default ownership https://projects.puppetlabs.com/issues/5240 Author: Markus Falb Status: Investigating Priority: Normal Assignee: Nigel Kersten Category: file Target version: Affected Puppet version: 0.25.5 Keywords: Branch: file { "/bla/bla.txt": ensure => file, source => "puppet:///bla/bla.txt", } The file on puppetmaster belongs to user x with uid y and it is created on the client with uid y whatever user this translates to. A user for uid y may or may not exists on the client. uids/gids on puppetmaster and puppetd are not necessarily synchronised. If I forget to set a ownership explicitly possibly unrelated users on the client may access files. This behaviour is potentially unsecure. On puppetmaster (note the -n switch): #$ ls -n bla.txt -rw-r--r-- 1 502 301 4 8 Nov 16:25 bla.txt The result on the client (user/group does not exist): #$ ls -l bla.txt -rw-r--r-- 1 502 301 4 Nov 8 16:39 bla.txt Expected behaviour: I would like to rely on reasonable defaults. When no user/group is explicitly defined, files should be created with ownership of the user puppet runs as: #$ ls -l bla.txt -rw-r--r-- 1 root root 4 Nov 8 16:39 bla.txt -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
