Issue #17876 has been updated by Dominic Cleal.

The idea is that Puppet manages its own dirs/files by default. You can turn it 
off with [manage_internal_file_permissions](http://docs.puppetlabs.com/references/stable/configuration.html#manageinternalfilepermissions) 
or you can override individual settings with the 
[curly brace puppet.conf syntax](http://docs.puppetlabs.com/guides/configuring.html#file-format). 
Unfortunately the latter is broken in 3.x, see #17371.

Sounds like the related issue is a discrepancy between the default in the RPM 
and the app.
----------------------------------------
Bug #17876: Puppet changes directory permissions on log dir
https://projects.puppetlabs.com/issues/17876#change-77928

Author: Ryan Uber
Status: Needs Decision
Priority: Normal
Assignee: 
Category: logging
Target version: 
Affected Puppet version: 3.0.0
Keywords: 
Branch: 


No matter what the log_dir in puppet.conf is set to, any time puppet writes a 
log, the permissions on the directory are changed. This happens in Puppet >= 
3.0. For example:
<pre>
# grep logdir /etc/puppet/puppet.conf
    logdir = /var/log
# stat -c %A /var/log
drwxr-xr-x
# puppet apply --noop -e "file{'/tmp/test':content=>'$RANDOM';}"
/Stage[main]//File[/tmp/test]/ensure: current_value absent, should be file (noop)
Class[Main]: Would have triggered 'refresh' from 1 events
Stage[main]: Would have triggered 'refresh' from 1 events
Finished catalog run in 0.13 seconds
# stat -c %A /var/log
drwxr-x---
</pre>

It does not matter what the permissions are before the puppet run. Puppet will 
force 750 on the logdir no matter what.

Here's another example for good measure, where puppet grants more permissions 
than there were originally:
<pre>
# stat -c %A /var/log
drwx------
# puppet apply --noop -e "file{'/tmp/test':content=>'$RANDOM';}"
/Stage[main]//File[/tmp/test]/ensure: current_value absent, should be file (noop)
Class[Main]: Would have triggered 'refresh' from 1 events
Stage[main]: Would have triggered 'refresh' from 1 events
Finished catalog run in 0.16 seconds
# stat -c %A /var/log
drwxr-x---
</pre>

This causes multiple different types of problems. One example is when verifying 
RPM packages (see http://projects.puppetlabs.com/issues/17866).

It seems to me that as long as Puppet can write to the logdir, it shouldn't 
care what the permissions are, and it should be up to the sysadmin to manage 
the permissions on that logdir.
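
The before/after `stat` comparison from the report, as an added example (not part of the original message and not Puppet code): a small shell wrapper that records a directory's mode around any command and reports which permission bits were granted or taken away. The function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: detect permission drift on a directory across a command run.
# dir_mode and run_with_mode_check are hypothetical helper names.

# Print the octal mode of a path (GNU stat, as in the report's `stat -c`).
dir_mode() {
    stat -c %a "$1"
}

# Usage: run_with_mode_check DIR COMMAND [ARGS...]
# e.g.   run_with_mode_check /var/log puppet apply --noop -e "..."
# Prints "BEFORE -> AFTER added=OOO removed=OOO" on stdout.
# Returns 0 if the mode is unchanged, 3 if it changed, 2 if DIR cannot be read.
run_with_mode_check() {
    dir=$1
    shift
    before=$(dir_mode "$dir") || return 2

    # Output of the wrapped command goes to stderr so stdout carries only
    # the report line; its exit status is deliberately ignored here.
    "$@" >&2 || true

    after=$(dir_mode "$dir") || return 2

    # Leading 0 makes the shell read the modes as octal constants.
    # added   = bits set afterwards that were not set before (access loosened)
    # removed = bits set before that are gone afterwards (access tightened)
    added=$(( 0$after & ~0$before ))
    removed=$(( 0$before & ~0$after ))

    printf '%s -> %s added=%03o removed=%03o\n' \
        "$before" "$after" "$added" "$removed"

    [ "$before" = "$after" ] && return 0
    return 3
}
```

A non-zero `added` value corresponds to the second case in the report, where the run widened access on a directory that had been locked down.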

