Issue #8158 has been updated by tgeeky -.
Status changed from Accepted to Needs Decision
Keywords set to downloader.rb
Aha!
I already knew the owner-group is coming from
(lib/puppet/configurer/downloader.rb):
def default_arguments
{
:path => path,
:recurse => true,
:source => source,
:tag => name,
:owner => Process.uid,
:group => Process.gid,
:purge => true,
:force => true,
:backup => false,
:noop => false
}
end
But it appears the modeline is coming from the source directory of the plugins,
on the server:
root@planck:/etc/puppet/modules# ls -l
total 12
drwxrwxr-x 4 puppet puppet 4096 2011-07-07 17:32 concat
drwxrwxr-x 4 puppet puppet 4096 2011-07-05 21:01 production
drwx------ 6 puppet bin 4096 2011-07-07 17:35 puppetlabs-functions
root@planck:/etc/puppet/modules# chown puppet:bin /var/lib/puppet/lib;chmod
000 /var/lib/puppet/lib;ls -ld /var/lib/puppet/lib
d--------- 3 puppet bin 4096 2011-07-07 18:36 /var/lib/puppet/lib
root@planck:/etc/puppet/modules# puppet plugin download
inside downloader.rb -> file() : path -> /var/lib/puppet/lib, source ->
puppet://puppet/plugins
inside downloader.rb -> catalog() : File[/var/lib/puppet/lib]
inside downloader.rb -> file() : path -> /var/lib/puppet/lib, source ->
puppet://puppet/plugins
inside file_setting.rb -> to_resource() -> :manage_internal: /etc/puppet
inside file_setting.rb -> to_resource() -> :manage_internal: /var/lib/puppet
inside file_setting.rb -> to_resource() -> :manage_internal:
/var/lib/puppet/log
inside file_setting.rb -> to_resource() -> :manage_internal:
/var/lib/puppet/state
inside file_setting.rb -> to_resource() -> :manage_internal:
/var/lib/puppet/run
inside file_setting.rb -> to_resource() -> :manage_internal:
/var/lib/puppet/lib
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/certs
inside file_setting.rb -> to_resource() -> :manage_internal: /etc/puppet/ssl
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/public_keys
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/certificate_requests
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/private_keys
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/private
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/certs/planck.d-rive.info.pem
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/private_keys/planck.d-rive.info.pem
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/public_keys/planck.d-rive.info.pem
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/certs/ca.pem
inside file_setting.rb -> to_resource() -> :manage_internal:
/etc/puppet/ssl/crl.pem
inside file_setting.rb -> to_resource() -> :manage_internal:
/var/lib/puppet/facts
notice: /File[/var/lib/puppet/lib]/owner: owner changed 'puppet' to 'root'
notice: /File[/var/lib/puppet/lib]/group: group changed 'bin' to 'root'
notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/parser]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/parser/functions/abs.rb]/ensure:
defined content as '{md5}16b8452a5066dfeacef11c8a77355220'
Downloaded these plugins: /var/lib/puppet/lib, /var/lib/puppet/lib/puppet,
/var/lib/puppet/lib/puppet/parser, /var/lib/puppet/lib/puppet/parser/functions,
/var/lib/puppet/lib/puppet/parser/functions/abs.rb
root@planck:/etc/puppet/modules# ls -ld /var/lib/puppet/lib
drwx------ 3 root root 4096 2011-07-07 18:36 /var/lib/puppet/lib
So, this begs two questions:
1. Joe, is your /etc/puppet/modules/<something> directory set to ****750****
somewhere?
2. Is this mode-setting behavior a ****feature****, a ****bug****, or something
else?
3. Are Process.uid and Process.gid the appropriate places to be getting
owner/groups?
----------------------------------------
Bug #8158: Agent doesn't seem to honor manage_internal_file_permissions
https://projects.puppetlabs.com/issues/8158
Author: Joe McDonagh
Status: Needs Decision
Priority: Normal
Assignee: tgeeky -
Category: plug-ins
Target version:
Affected Puppet version: 2.6.7
Keywords: downloader.rb
Branch:
When setting this either in the config under main or agent, or running from CLI:
[/var/lib/puppet] > sudo puppet agent -t --no-manage_internal_file_permissions
info: Retrieving plugin
notice: /File[/var/lib/puppet/lib]/mode: mode changed '755' to '750'
notice: /File[/var/lib/puppet/lib/facter]/mode: mode changed '755' to '750'
This is pretty bad for me right now because devs rely on facts for all sorts of
work (including revenue generation), and they rely on this running without
root.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
