Issue #17876 has been updated by Ryan Uber. Status changed from Needs Decision to Closed
This sounds reasonable. Probably no further action required here. The RPM issue mentioned above has been resolved with a minor patch described in #17866. Thanks. ---------------------------------------- Bug #17876: Puppet changes directory permissions on log dir https://projects.puppetlabs.com/issues/17876#change-78223 Author: Ryan Uber Status: Closed Priority: Normal Assignee: Category: logging Target version: Affected Puppet version: 3.0.0 Keywords: Branch: No matter what the log_dir in puppet.conf is set to, any time puppet writes a log, the permissions on the directory are changed. This happens in Puppet >= 3.0. For example: <pre> # grep logdir /etc/puppet/puppet.conf logdir = /var/log # stat -c %A /var/log drwxr-xr-x # puppet apply --noop -e "file{'/tmp/test':content=>'$RANDOM';}" /Stage[main]//File[/tmp/test]/ensure: current_value absent, should be file (noop) Class[Main]: Would have triggered 'refresh' from 1 events Stage[main]: Would have triggered 'refresh' from 1 events Finished catalog run in 0.13 seconds # stat -c %A /var/log drwxr-x--- </pre> It does not matter what the permissions are before the puppet run. Puppet will force 750 on the logdir no matter what. Here's another example for good measure, where puppet grants more permissions than there was originally: <pre> # stat -c %A /var/log drwx------ # puppet apply --noop -e "file{'/tmp/test':content=>'$RANDOM';}" /Stage[main]//File[/tmp/test]/ensure: current_value absent, should be file (noop) Class[Main]: Would have triggered 'refresh' from 1 events Stage[main]: Would have triggered 'refresh' from 1 events Finished catalog run in 0.16 seconds # stat -c %A /var/log drwxr-x--- </pre> This causes multiple different types of problems. One example is when verifying RPM packages (see http://projects.puppetlabs.com/issues/17866). It seems to me that as long as Puppet can write to the logdir, it shouldn't care what the permissions are, and it should be up to the sysadmin to manage the permissions on that logdir. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
