Issue #7649 has been updated by Daniel Pittman.

So, I believe this is going to be a pattern, and we should look deeper than just this single bug fix. The root is that a bunch of our code is written on the assumption that we have configured the entire environment based on our run-mode: if we were root, we changed UID, etc, etc.

Now that the Faces code exposes this all over the place we need to decide which of these we do:

1. Ensure that the face CLI support code does the right UID changing, etc.
2. Ensure that every face makes the right UID changes, etc.
3. Ensure that every indirection terminus makes the right UID changes, etc.

Then, obviously, action it.

This same problem will turn up, potentially, in at least the certificate faces where they work with local data storage, and in the secret agent, and the faces that support it. (Actually, anything that writes to local disk potentially makes a mess of things. :)

----------------------------------------
Bug #7649: puppet file store poisons bucketdir with root-owned directories
https://projects.puppetlabs.com/issues/7649

Author: Nick Fagerlund
Status: Accepted
Priority: Normal
Assignee:
Category: Faces
Target version:
Affected Puppet version:
Keywords:
Branch:

root@redmaster:/var/lib/puppet/bucket# puppet file store ~/manifests/trevor.pp --mode master
{md5}1e32cc9390e55ac1cac315a6f42f96ae
root@redmaster:/var/lib/puppet/bucket# ls -lah
total 28K
drwxr-x--- 7 puppet puppet 4.0K 2011-05-24 14:06 .
drwxr-xr-x 15 puppet root 4.0K 2011-03-14 11:32 ..
drwxrwx--- 3 root root 4.0K 2011-05-24 14:06 1
drwxrwx--- 3 puppet puppet 4.0K 2011-05-24 13:44 3
drwxrwx--- 3 root root 4.0K 2011-05-20 14:53 5
drwxrwx--- 3 puppet puppet 4.0K 2011-05-24 11:58 8
drwxrwx--- 3 root root 4.0K 2011-05-24 13:46 d

Any files added to the bucket with `puppet file store` will be owned by root. Since the bucketdir has default permissions of 750, puppet master can't read any files stored that way.

Actually, it's worse than that: if this was the first file in the bucket with an md5 that starts with 1, puppet master will never be able to store any other files starting with 1.

nick@magpie:~$ puppet file upload /Users/nick/Desktop/Language\ cheat\ 2011.04.18\ \(\ 1PM\).txt
err: Error 400 on SERVER: Permission denied - /var/lib/puppet/bucket/5/3
err: Try 'puppet help file upload' for usage

(Upload is a one-off tweak of store, btw.)

Anyway, this action shouldn't be leaving these files owned by root; it should be creating them as the serviceuser. (Unless it gets re-rigged to use the clientbucketdir, in which case it would be moot?)
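
An ownership audit for the condition reported above, as an added example that is not part of the original thread or Puppet's own code: it walks a bucket directory, lists entries not owned by the service account, and flags directories that account cannot write into. The function names are hypothetical, and it assumes plain owner/group/other permissions with no ACLs.

```ruby
require 'find'
require 'etc'

# Permission bits (rwx as 0..7) that apply to an account on a file,
# using classic owner/group/other rules.
# Assumption: no ACLs are in play and uid 0 is not special-cased.
def effective_bits(st, uid, gids)
  if st.uid == uid
    (st.mode >> 6) & 0o7
  elsif gids.include?(st.gid)
    (st.mode >> 3) & 0o7
  else
    st.mode & 0o7
  end
end

# Walk bucketdir and report every entry not owned by the service uid.
# blocks_store is true for a directory where the service account lacks
# write+search permission, so it can never create entries beneath it.
def audit_bucket(bucketdir, service_uid, service_gids)
  findings = []
  Find.find(bucketdir) do |path|
    st = File.lstat(path) # lstat: report symlinks themselves, not targets
    next if st.uid == service_uid
    bits = effective_bits(st, service_uid, service_gids)
    findings << {
      path: path,
      owner_uid: st.uid,
      mode: format('%04o', st.mode & 0o7777),
      blocks_store: st.directory? && (bits & 0o3) != 0o3
    }
  end
  findings
end

# Command-line use: ruby audit.rb <bucketdir> <service-user>
if __FILE__ == $PROGRAM_NAME && ARGV.length == 2
  user = Etc.getpwnam(ARGV[1])
  gids = [user.gid]
  Etc.group { |g| gids << g.gid if g.mem.include?(user.name) }
  audit_bucket(ARGV[0], user.uid, gids).each do |f|
    flag = f[:blocks_store] ? 'BLOCKS-STORE' : 'foreign-owner'
    puts "#{flag} uid=#{f[:owner_uid]} mode=#{f[:mode]} #{f[:path]}"
  end
end
```

Run against the listing in the report with the `puppet` account, the root-owned `1`, `5` and `d` directories would be flagged as blocking, since mode `drwxrwx---` leaves no access for an account outside the owning group.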
