Issue #8986 has been updated by Kelsey Hightower.

Trying to narrow down the source of this issue, I modified 
`/lib/puppet/provider/ssh_authorized_key/parsed.rb`:

    diff --git a/lib/puppet/provider/ssh_authorized_key/parsed.rb 
b/lib/puppet/provider/ssh_authorized_key/parsed.rb
    index 81b1fbc..17428fc 100644
    --- a/lib/puppet/provider/ssh_authorized_key/parsed.rb
    +++ b/lib/puppet/provider/ssh_authorized_key/parsed.rb
    @@ -62,7 +62,8 @@ require 'puppet/provider/parsedfile'
         # so calling it here supresses the later attempt by our superclass's 
flush method.
         self.class.backup_target(target)
 
    -    Puppet::Util::SUIDManager.asuser(@resource.should(:user)) { super }
    +    # Puppet::Util::SUIDManager.asuser(@resource.should(:user)) { super }
    +    Puppet::Util::SUIDManager.asuser('root') { super }
         File.chown(uid, nil, target)
         File.chmod(file_perm, target)
     end
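
Review bot: the replacement line `Puppet::Util::SUIDManager.asuser('root') { super }` hard-codes the identity and ignores `@resource.should(:user)` for every resource, so every flush now runs as root, including the cases where dropping to the resource's user worked. Choose the identity from the resource, dropping privileges where the user can write the target and staying privileged only where it cannot, instead of using a literal 'root'. Delete the old call rather than leaving it commented out. Because `File.chown(uid, nil, target)` and `File.chmod(file_perm, target)` only run after the write, the file exists for a moment with whatever owner and mode the root write produced, which deserves a comment or a test.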

Above I have hard-coded the 'root' user in place of the user defined in the 
resource block. There needs to be a discussion on whether or not to limit the 
ssh_authorized_key type to updating authorized_keys in users' home directories, 
or make it more generic to support managing authorized_keys anywhere.

If a more generic approach is desired, then Puppet will have to remain as the 
"root" user or equivalent when creating the ssh_authorized_key resource.

----------------------------------------
Bug #8986: ssh_authorized_key not setting user permissions in the proper manner.
https://projects.puppetlabs.com/issues/8986

Author: Trevor Vaughan
Status: Unreviewed
Priority: Normal
Assignee: 
Category: 
Target version: 
Affected Puppet version: 2.7.3rc1
Keywords: 
Branch: 


In the olden days, ssh_authorized_key, when provided with the 'user' option, 
would simply set the ownership of the key to that user.

This worked as I expected.

Now, the ssh_authorized_key type appears to try to write the file *as* the 
user. This is incorrect since you may, or may not, be writing the key to 
somewhere that the user is allowed write access.

To work around this problem, you need to declare a file statement for every 
ssh_authorized_key statement, which is cumbersome.

