Issue #5240 has been updated by Thomas Guthmann.
Bump. I am using puppet 3.0.1 and we still have this problem. 99% of the time we set owner, group and mode but lately we found some oversights. In puppet 2.7 all files were owned by root and since we've migrated to our new puppet 3 platform files are own by puppet (not your fault it's how we set it up). And consequently, we discover this issue. You talked about a change for a major version, looks like you missed a chance to fix this bug for puppet 3.x. I believe we should be able to set the default in the main config therefore people can setup whatever they prefer. If no defaults are set in the main config, I would recommend deploy the file as root:root. But, yes this can be a philosophical discussion. You just have to take a decision and document it. ---------------------------------------- Bug #5240: Default ownership for newly created files when uid/gid are unspecified https://projects.puppetlabs.com/issues/5240#change-75474 Author: Markus Falb Status: Investigating Priority: Normal Assignee: Nigel Kersten Category: file Target version: Affected Puppet version: 0.25.5 Keywords: Branch: file { "/bla/bla.txt": ensure => file, source => "puppet:///bla/bla.txt", } The file on puppetmaster belongs to user x with uid y and it is created on the client with uid y whatever user this translates to. A user for uid y may or may not exists on the client. uids/gids on puppetmaster and puppetd are not necessarily synchronised. If I forget to set a ownership explicitly possibly unrelated users on the client may access files. This behaviour is potentially unsecure. On puppetmaster (note the -n switch): #$ ls -n bla.txt -rw-r--r-- 1 502 301 4 8 Nov 16:25 bla.txt The result on the client (user/group does not exist): #$ ls -l bla.txt -rw-r--r-- 1 502 301 4 Nov 8 16:39 bla.txt Expected behaviour: I would like to rely on reasonable defaults. When no user/group is explicitly defined, files should be created with ownership of the user puppet runs as: #$ ls -l bla.txt -rw-r--r-- 1 root root 4 Nov 8 16:39 bla.txt -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
