Issue #5240 has been updated by Josh Cooper. Status changed from Investigating to Accepted Affected Puppet version changed from 0.25.5 to 0.25.0
I agree the current behavior is undesirable. If the property (mode) is managed, then puppet correctly sets it to that value. If the property is unspecified, then puppet changes it to match the source (for new and existing files), and has done this for a long time. If we fix this bug, then it will change behaviors, e.g. currently, if you stop managing a property, puppet will change the mode to match the source. Fixing this bug would cause the mode to remain unchanged, to whatever puppet last set it to. When this bug is fixed, the whole notion of retrieving owner/group/mode metadata goes away, since we should never be applying those properties from the source to the file resource we are managing. (We do still need the checksum and type though). We can also remove the Process.uid, Process.gid from `Puppet::Configurer::Downloader#default_arguments` ---------------------------------------- Bug #5240: Default ownership for newly created files when uid/gid are unspecified https://projects.puppetlabs.com/issues/5240#change-81411 Author: Markus Falb Status: Accepted Priority: Normal Assignee: Nigel Kersten Category: file Target version: Affected Puppet version: 0.25.0 Keywords: Branch: file { "/bla/bla.txt": ensure => file, source => "puppet:///bla/bla.txt", } The file on puppetmaster belongs to user x with uid y and it is created on the client with uid y whatever user this translates to. A user for uid y may or may not exists on the client. uids/gids on puppetmaster and puppetd are not necessarily synchronised. If I forget to set a ownership explicitly possibly unrelated users on the client may access files. This behaviour is potentially unsecure. On puppetmaster (note the -n switch): #$ ls -n bla.txt -rw-r--r-- 1 502 301 4 8 Nov 16:25 bla.txt The result on the client (user/group does not exist): #$ ls -l bla.txt -rw-r--r-- 1 502 301 4 Nov 8 16:39 bla.txt Expected behaviour: I would like to rely on reasonable defaults. When no user/group is explicitly defined, files should be created with ownership of the user puppet runs as: #$ ls -l bla.txt -rw-r--r-- 1 root root 4 Nov 8 16:39 bla.txt -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
