Issue #8192 has been updated by tgeeky -.
tgeeky - wrote:
> Same circumstance:
>
> * puppet 2.7.1, fresh install
>
> root@planck:/etc# ls -l /tmp/testfile
> -r-sr-sr-x 1 root bin 0 2011-07-07 14:26 /tmp/testfile
>
> * confirm m-o-g: 6555 root bin
>
> file { '/tmp/testfile':
> owner => 'root',
> group => 'root',
> mode => 6555,
> }
>
> * install manifest, m-o-g is: ****decimal**** 6555 root root
>
> * puppet agent --test --onetime --debug trace --verbose
>
> notice: /Stage[main]//File[/tmp/testfile]/group: group changed 'bin' to
> 'root'
> debug: /Stage[main]//File[/tmp/testfile]: The container /tmp/testfile
> will propagate my refresh event
>
> * file is m-o-g: ****octal**** 0555 root root
>
> root@planck:/etc# ls -l /tmp/testfile
> -r-xr-xr-x 1 root root 0 2011-07-07 14:26 /tmp/testfile
>
> * puppet agent --test --onetime --debug trace --verbose
>
> notice: /Stage[main]//File[/tmp/testfile]/mode: mode changed '555' to
> '6555'
> debug: /Stage[main]//File[/tmp/testfile]: The container /tmp/testfile
> will propagate my refresh event
>
> * file is m-o-g ****octal**** 6555 root root
>
> root@planck:/etc# ls -l /tmp/testfile
> -r-sr-sr-x 1 root root 0 2011-07-07 14:26 /tmp/testfile
****repeating the same procedure, except s/6555/06555/****:
notice: /Stage[main]//File[/tmp/testfile]/group: group changed 'bin' to
'root'
notice: /Stage[main]//File[/tmp/testfile]/mode: mode changed '555' to '6555'
It changes in one pass.
root@planck:/etc# ls -l /tmp/testfile
-r-sr-sr-x 1 root root 0 2011-07-07 14:26 /tmp/testfile
----------------------------------------
Bug #8192: puppet breaking setuid bit on group change
https://projects.puppetlabs.com/issues/8192
Author: Jan-Frode Myklebust
Status: Investigating
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:
We have a puppet module that's trying to manage owner, group
and setuid bit on /bin/nice:
file { "/bin/nice":
owner => root,
group => root,
mode => 6555,
}
If the mode is correct, but group is wrong, puppet will fix the
group and lose the setuid bit:
# chgrp bin /bin/nice
# chmod 6555 /bin/nice
# ls -l /bin/nice
-r-sr-sr-x 1 root bin 23424 Jan 26 17:12 /bin/nice
# pkill -USR1 puppet
Jun 29 22:26:29 xsp4 puppetd[21024]: Caught USR1; calling reload
Jun 29 22:26:32 xsp4 puppetd[21024]: (/Stage[main]/SomeSystem::Nice/File
[/bin/nice]/group) group changed 'bin' to 'root'
Jun 29 22:26:33 xsp4 puppetd[21024]: Finished catalog run in 1.86 second
s
# ls -l /bin/nice
-r-xr-xr-x 1 root root 23424 Jan 26 17:12 /bin/nice
And puppet then needs a second run to fix the setuid bit:
# pkill -USR1 puppet
Jun 29 22:26:44 xsp4 puppetd[21024]: (/Stage[main]/SomeSystem::Nice/File
[/bin/nice]/mode) mode changed '555' to '6555'
# ls -l /bin/nice
-r-sr-sr-x 1 root root 23424 Jan 26 17:12 /bin/nice
This has only been tested on v0.25.4 on RHEL5.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
