[Puppet - Bug #8158] Agent doesn't seem to honor manage_internal_file_permissions

[tickets]

Issue #8158 has been updated by tgeeky -.


I clearly don't know what i'm doing, so here's some more debug output:

    root@planck:~/puppet# puppet plugin download --debug
    info: Retrieving plugin
    inside downloader.rb -> file() : path -> /var/lib/puppet/lib, source -> 
puppet://puppet/plugins
    debug: Failed to load library 'selinux' for feature 'selinux'
    debug: Puppet::Type::File::ProviderMicrosoft_windows: feature 
microsoft_windows is missing
    inside downloader.rb -> catalog() : File[/var/lib/puppet/lib]
    inside downloader.rb -> file() : path -> /var/lib/puppet/lib, source -> 
puppet://puppet/plugins
    debug: Failed to load library 'shadow' for feature 'libshadow'
    debug: Failed to load library 'ldap' for feature 'ldap'
    debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; 
using pson
    inside file_setting.rb -> to_resource() -> :manage_internal: /etc/puppet
    inside file_setting.rb -> to_resource() -> :manage_internal: /var/lib/puppet
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/var/lib/puppet/log
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/var/lib/puppet/state
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/var/lib/puppet/run
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/var/lib/puppet/lib
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/certs
    debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
    debug: Puppet::Type::User::ProviderPw: file pw does not exist
    debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl 
does not exist
    debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not 
exist
    inside file_setting.rb -> to_resource() -> :manage_internal: /etc/puppet/ssl
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/public_keys
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/certificate_requests
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/private_keys
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/private
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/certs/planck.d-rive.info.pem
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/private_keys/planck.d-rive.info.pem
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/public_keys/planck.d-rive.info.pem
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/certs/ca.pem
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/etc/puppet/ssl/crl.pem
    inside file_setting.rb -> to_resource() -> :manage_internal: 
/var/lib/puppet/facts
    debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
    debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
    debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
    debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring 
File[/etc/puppet/ssl]
    debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring 
File[/etc/puppet/ssl]
    debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring 
File[/etc/puppet/ssl]
    debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
    debug: /File[/etc/puppet/ssl/certs/planck.d-rive.info.pem]: Autorequiring 
File[/etc/puppet/ssl/certs]
    debug: /File[/etc/puppet/ssl/private_keys/planck.d-rive.info.pem]: 
Autorequiring File[/etc/puppet/ssl/private_keys]
    debug: /File[/etc/puppet/ssl/public_keys/planck.d-rive.info.pem]: 
Autorequiring File[/etc/puppet/ssl/public_keys]
    debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring 
File[/etc/puppet/ssl/certs]
    debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl]
    debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
    debug: Finishing transaction 92469540
    notice: /File[/var/lib/puppet/lib]/owner: owner changed 'puppet' to 'root'
    notice: /File[/var/lib/puppet/lib]/group: group changed 'bin' to 'root'
    notice: /File[/var/lib/puppet/lib]/mode: mode changed '700' to '775'
    debug: /File[/var/lib/puppet/lib]: The container /var/lib/puppet/lib will 
propagate my refresh event
    debug: /File[/var/lib/puppet/lib]: The container /var/lib/puppet/lib will 
propagate my refresh event
    debug: /File[/var/lib/puppet/lib]: The container /var/lib/puppet/lib will 
propagate my refresh event
    notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
    debug: /File[/var/lib/puppet/lib/puppet]: The container 
/var/lib/puppet/lib/puppet will propagate my refresh event
    debug: /var/lib/puppet/lib/puppet: The container /var/lib/puppet/lib will 
propagate my refresh event
    debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; 
using pson
    notice: /File[/var/lib/puppet/lib/puppet/parser]/ensure: created
    debug: /File[/var/lib/puppet/lib/puppet/parser]: The container 
/var/lib/puppet/lib/puppet/parser will propagate my refresh event
    debug: /var/lib/puppet/lib/puppet/parser: The container /var/lib/puppet/lib 
will propagate my refresh event
    debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; 
using pson
    notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/ensure: created
    debug: /File[/var/lib/puppet/lib/puppet/parser/functions]: The container 
/var/lib/puppet/lib/puppet/parser/functions will propagate my refresh event
    debug: /var/lib/puppet/lib/puppet/parser/functions: The container 
/var/lib/puppet/lib will propagate my refresh event
    debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; 
using pson
    debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; 
using pson
    notice: /File[/var/lib/puppet/lib/puppet/parser/functions/abs.rb]/ensure: 
defined content as '{md5}16b8452a5066dfeacef11c8a77355220'
    
----------------------------------------
Bug #8158: Agent doesn't seem to honor manage_internal_file_permissions
https://projects.puppetlabs.com/issues/8158

Author: Joe McDonagh
Status: Accepted
Priority: Normal
Assignee: tgeeky -
Category: plug-ins
Target version: 
Affected Puppet version: 2.6.7
Keywords: 
Branch: 


When setting this either in the config under main or agent, or running from CLI:

[/var/lib/puppet] > sudo puppet agent -t --no-manage_internal_file_permissions
info: Retrieving plugin
notice: /File[/var/lib/puppet/lib]/mode: mode changed '755' to '750'
notice: /File[/var/lib/puppet/lib/facter]/mode: mode changed '755' to '750'

This is pretty bad for me right now because devs rely on facts for all sorts of 
work (including revenue generation), and they rely on this running without 
root. 


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to puppet-bugs@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-bugs+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.