[Puppet - Bug #17876] (Unreviewed) Puppet changes directory permissions on log dir

[tickets]

Issue #17876 has been reported by Ryan Uber.

----------------------------------------
Bug #17876: Puppet changes directory permissions on log dir
https://projects.puppetlabs.com/issues/17876

Author: Ryan Uber
Status: Unreviewed
Priority: Normal
Assignee: 
Category: logging
Target version: 
Affected Puppet version: 3.0.0
Keywords: 
Branch: 


No matter what the log_dir in puppet.conf is set to, any time puppet writes a 
log, the permissions on the directory are changed. This happens in Puppet >= 
3.0. For example:
<pre>
# grep logdir /etc/puppet/puppet.conf
    logdir = /var/log
# stat -c %A /var/log
drwxr-xr-x
# puppet apply --noop -e "file{'/tmp/test':content=>'$RANDOM';}"
/Stage[main]//File[/tmp/test]/ensure: current_value absent, should be file 
(noop)
Class[Main]: Would have triggered 'refresh' from 1 events
Stage[main]: Would have triggered 'refresh' from 1 events
Finished catalog run in 0.13 seconds
# stat -c %A /var/log
drwxr-x---
</pre>

It does not matter what the permissions are before the puppet run. Puppet will 
force 750 on the logdir no matter what.

Here's another example for good measure, where puppet grants more permissions 
than there was originally:
<pre>
# stat -c %A /var/log
drwx------
# puppet apply --noop -e "file{'/tmp/test':content=>'$RANDOM';}"
/Stage[main]//File[/tmp/test]/ensure: current_value absent, should be file 
(noop)
Class[Main]: Would have triggered 'refresh' from 1 events
Stage[main]: Would have triggered 'refresh' from 1 events
Finished catalog run in 0.16 seconds
# stat -c %A /var/log
drwxr-x---
</pre>

This causes multiple different types of problems. One example is when verifying 
RPM packages (see http://projects.puppetlabs.com/issues/17866).

It seems to me that as long as Puppet can write to the logdir, it shouldn't 
care what the permissions are, and it should be up to the sysadmin to manage 
the permissions on that logdir.


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to puppet-bugs@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-bugs+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.