Issue #5240 has been updated by Daniel Pittman.

Nigel Kersten wrote:
> Daniel Pittman wrote:
> > > A core principle of Puppet is that you can choose to only manage the
> > > attributes of a resource that you care about, and can leave the rest
> > > unmanaged.
> >
> > That said, I think this is something we absolutely *should* change.
>
> The core principle above should change?

No, the default of assuming that we should inherit the numeric UID/GID for files over the Puppet protocol by default, in favour of having a consistent default. (eg: 0:0, or puppet:puppet) when it is unspecified. Which wasn't clear. ;)

At the moment we have an indirect way of managing those values on files we pull down, and it isn't a very useful default.

Since it is "unspecified", changing that behaviour should be within reason, though we would want to call it out, and do it on a major version boundary.

----------------------------------------
Bug #5240: Default ownership for newly created files when uid/gid are unspecified
https://projects.puppetlabs.com/issues/5240

Author: Markus Falb
Status: Investigating
Priority: Normal
Assignee: Nigel Kersten
Category: file
Target version:
Affected Puppet version: 0.25.5
Keywords:
Branch:

    file { "/bla/bla.txt":
      ensure => file,
      source => "puppet:///bla/bla.txt",
    }

The file on puppetmaster belongs to user x with uid y and it is created on the client with uid y whatever user this translates to. A user for uid y may or may not exist on the client. uids/gids on puppetmaster and puppetd are not necessarily synchronised. If I forget to set an ownership explicitly, possibly unrelated users on the client may access files. This behaviour is potentially insecure.

On puppetmaster (note the -n switch):

    #$ ls -n bla.txt
    -rw-r--r-- 1 502 301 4 8 Nov 16:25 bla.txt

The result on the client (user/group does not exist):

    #$ ls -l bla.txt
    -rw-r--r-- 1 502 301 4 Nov 8 16:39 bla.txt

Expected behaviour: I would like to rely on reasonable defaults.
When no user/group is explicitly defined, files should be created with ownership of the user puppet runs as:

    #$ ls -l bla.txt
    -rw-r--r-- 1 root root 4 Nov 8 16:39 bla.txt
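
Added example (not part of the original report, and not Puppet's own code): a Ruby lint sketch for the case described in the bug, flagging file resources that set source but leave owner or group unmanaged. It assumes simple, non-nested resource bodies and ignores resource defaults; the function name and the second and third sample resources are constructed for illustration.

```ruby
# Flags Puppet file resources that pull content via `source` but do not manage
# `owner` and/or `group`, so ownership would follow the master's numeric ids.
# Assumption: regex matching of simple resource bodies, not the Puppet grammar.

# Constructed sample manifest; the first resource is the one from the report.
SAMPLE_MANIFEST = <<~'PP'
  file { "/bla/bla.txt":
    ensure => file,
    source => "puppet:///bla/bla.txt",
  }

  file { "/etc/motd":
    ensure => file,
    owner  => "root",
    group  => "root",
    source => "puppet:///modules/motd/motd",
  }

  file { "/srv/app.conf":
    source => "puppet:///modules/app/app.conf",
    owner  => "app",
  }
PP

# One file resource: quoted title, then everything up to the closing brace.
FILE_RESOURCE = /\bfile\s*\{\s*(?<q>["'])(?<title>.*?)\k<q>\s*:(?<body>[^}]*)\}/m

# Returns [{ title:, missing: [...] }, ...] for sourced files with unmanaged ownership.
def unmanaged_ownership(manifest)
  findings = manifest.scan(FILE_RESOURCE).map do |_quote, title, body|
    attrs = body.scan(/(\w+)\s*=>/).flatten   # attribute names in this resource
    next unless attrs.include?("source")      # only files copied from the master
    missing = %w[owner group] - attrs
    { title: title, missing: missing } unless missing.empty?
  end
  findings.compact
end

if __FILE__ == $PROGRAM_NAME
  unmanaged_ownership(SAMPLE_MANIFEST).each do |finding|
    puts "#{finding[:title]}: unmanaged #{finding[:missing].join(', ')}"
  end
end
```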
