Issue #8192 has been updated by Josh Cooper.
Status changed from Accepted to Needs Decision
Assignee set to Nigel Kersten
FYI, this is not an issue in 2.7.x (circa 2.7.7)
Given file owned by root, group staff, mode 6555:
<pre>
$ sudo chown root:staff /tmp/testfile
$ sudo chmod 6555 /tmp/testfile
$ ls -l /tmp/testfile
-r-sr-sr-x 1 root staff 0B Nov 21 17:11 /tmp/testfile*
</pre>
And a manifest that changes the group, but not the mode:
<pre>
file { '/tmp/testfile':
ensure => 'file',
owner => 'root',
group => 'wheel',
mode => 6555,
}
</pre>
When the manifest is applied:
<pre>
$ sudo env RUBYLIB=$RUBYLIB puppet apply ~/work/manifests/8192-setuid.pp
--verbose
...
notice: /Stage[main]//File[/tmp/testfile]/group: group changed 'staff' to
'wheel'
</pre>
Puppet correctly changes the group, but leaves the mode intact:
<pre>
$ ls -l /tmp/testfile
-r-sr-sr-x 1 root wheel 0B Nov 21 17:11 /tmp/testfile*
</pre>
And I get the same correct behavior when the manifest mode is '6555' or '06555'
----------------------------------------
Bug #8192: puppet breaking setuid bit on group change
https://projects.puppetlabs.com/issues/8192
Author: Jan-Frode Myklebust
Status: Needs Decision
Priority: Normal
Assignee: Nigel Kersten
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:
We have a puppet module that's trying to manage owner, group
and setuid bit on /bin/nice:
file { "/bin/nice":
owner => root,
group => root,
mode => 6555,
}
If the mode is correct, but group is wrong, puppet will fix the
group and lose the setuid bit:
# chgrp bin /bin/nice
# chmod 6555 /bin/nice
# ls -l /bin/nice
-r-sr-sr-x 1 root bin 23424 Jan 26 17:12 /bin/nice
# pkill -USR1 puppet
Jun 29 22:26:29 xsp4 puppetd[21024]: Caught USR1; calling reload
Jun 29 22:26:32 xsp4 puppetd[21024]:
(/Stage[main]/SomeSystem::Nice/File[/bin/nice]/group) group changed 'bin' to
'root'
Jun 29 22:26:33 xsp4 puppetd[21024]: Finished catalog run in 1.86
seconds
# ls -l /bin/nice
-r-xr-xr-x 1 root root 23424 Jan 26 17:12 /bin/nice
And puppet then needs a second run to fix the setuid bit:
# pkill -USR1 puppet
Jun 29 22:26:44 xsp4 puppetd[21024]:
(/Stage[main]/SomeSystem::Nice/File[/bin/nice]/mode) mode changed '555' to
'6555'
# ls -l /bin/nice
-r-sr-sr-x 1 root root 23424 Jan 26 17:12 /bin/nice
This has only been tested on v0.25.4 on RHEL5.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
