[Puppet - Bug #15107] (Unreviewed) Invalid permissions on puppet.conf do not get logged when running as master

[tickets]

Issue #15107 has been reported by Ken Barber.

----------------------------------------
Bug #15107: Invalid permissions on puppet.conf do not get logged when running 
as master
https://projects.puppetlabs.com/issues/15107

Author: Ken Barber
Status: Unreviewed
Priority: Normal
Assignee: 
Category: error reporting
Target version: 
Affected Puppet version: 2.7.16
Keywords: puppet.conf permissions
Branch: 


This is something that caught me hard the other day, and made me spend a lot of 
time trying to solve.

If your permissions for puppet.conf are invalid, Puppet doesn't tell you if you 
are running the service as a master:

    # puppet agent  --configprint environment --debug --trace
    /Users/ken/Development/puppet/lib/puppet/util/settings.rb:923:in 
`read_file' 
    /Users/ken/Development/puppet/lib/puppet/util/settings.rb:861:in 
`parse_file'
    /Users/ken/Development/puppet/lib/puppet/util/settings.rb:309:in 
`unsafe_parse'
    /Users/ken/Development/puppet/lib/puppet/util/settings.rb:297:in `parse'
    /Users/ken/.rvm/rubies/ruby-1.8.7-p358/lib/ruby/1.8/sync.rb:230:in 
`synchronize'
    /Users/ken/Development/puppet/lib/puppet/util/settings.rb:296:in `parse'
    /Users/ken/Development/puppet/lib/puppet/application.rb:306:in `run'
    /Users/ken/Development/puppet/lib/puppet/application.rb:407:in 
`exit_on_fail'
    /Users/ken/Development/puppet/lib/puppet/application.rb:306:in `run'
    /Users/ken/Development/puppet/lib/puppet/util/command_line.rb:69:in 
`execute'
    /Users/ken/Development/puppet/bin/puppet:4
    err: Could not parse /Users/ken/.puppet/puppet.conf: Permission denied to 
file /Users/ken/.puppet/puppet.conf
    production
    # puppet master --configprint environment --debug --trace
    production
    #

I've checked this in a Passenger/Webrick scenario and sure enough - nothing 
gets logged as a master. This can really fool a user into thinking something 
terrible has happened but really its just permissions. Since more often then 
not - the master runs as a different user, you might not even see this error 
when running the tool as agent (as above). 

This is especially the case if the permissions are 600, and owned by root as it 
was in my scenario :-).


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to puppet-bugs@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-bugs+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.