Issue #8192 has been updated by Daniel Pittman.

Assignee deleted (Daniel Pittman)

----------------------------------------
Bug #8192: puppet breaking setuid bit on group change
https://projects.puppetlabs.com/issues/8192#change-92246

* Author: Jan-Frode Myklebust
* Status: Accepted
* Priority: Normal
* Assignee: 
* Category: file
* Target version: 
* Affected Puppet version: 0.22.1
* Keywords: 
* Branch: 
----------------------------------------
We have a puppet module that's trying to manage owner, group
and setuid bit on /bin/nice:

        file { "/bin/nice":
                owner   => root,
                group   => root,
                mode    => 6555,
        }

If the mode is correct, but group is wrong, puppet will fix the
group and lose the setuid bit:

        # chgrp bin /bin/nice
        # chmod 6555 /bin/nice
        # ls -l /bin/nice
        -r-sr-sr-x 1 root bin 23424 Jan 26 17:12 /bin/nice
        # pkill -USR1 puppet

        Jun 29 22:26:29 xsp4 puppetd[21024]: Caught USR1; calling reload
        Jun 29 22:26:32 xsp4 puppetd[21024]: (/Stage[main]/SomeSystem::Nice/File[/bin/nice]/group) group changed 'bin' to 'root'
        Jun 29 22:26:33 xsp4 puppetd[21024]: Finished catalog run in 1.86 seconds

        # ls -l /bin/nice
        -r-xr-xr-x 1 root root 23424 Jan 26 17:12 /bin/nice

And puppet then needs a second run to fix the setuid bit:

        # pkill -USR1 puppet

        Jun 29 22:26:44 xsp4 puppetd[21024]: (/Stage[main]/SomeSystem::Nice/File[/bin/nice]/mode) mode changed '555' to '6555'

        # ls -l /bin/nice
        -r-sr-sr-x 1 root root 23424 Jan 26 17:12 /bin/nice


This has only been tested on v0.25.4 on RHEL5. 


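The log in the report matches Linux chown(2) behaviour: changing the owner or group of a regular file clears setuid, and clears setgid when group-execute is set. The Ruby below is an added example, not part of the original report and not Puppet's own code; it compares "mode correct, then group changed" with "ownership first, mode last, verify in the same pass". The function names and the scratch file are hypothetical.

```ruby
require 'tempfile'

SPECIAL_BITS = 0o6000 # setuid | setgid

# Permission bits (including setuid/setgid/sticky) currently set on path.
def mode_of(path)
  File.stat(path).mode & 0o7777
end

# Order seen in the report: the mode is already correct, then the group is
# changed. On Linux the chown(2) call may strip setuid/setgid, leaving 0555
# until some later run repairs the mode.
def apply_mode_then_owner(path, uid, gid, mode)
  File.chmod(mode, path)
  File.chown(uid, gid, path)
  mode_of(path)
end

# Hardened order: ownership first, mode last, then re-stat and fail loudly
# if the file did not converge within this single pass.
def apply_owner_then_mode(path, uid, gid, mode)
  File.chown(uid, gid, path)
  File.chmod(mode, path)
  actual = mode_of(path)
  raise "mode did not converge: #{actual.to_s(8)}" unless actual == mode
  actual
end

# Constructed demo on a scratch file owned by the current user; it never
# touches /bin/nice or any other system file.
def demo
  Tempfile.create('suid-demo') do |f|
    uid = Process.euid
    gid = Process.egid
    File.chown(uid, gid, f.path) # ensure the group is one we belong to
    naive = apply_mode_then_owner(f.path, uid, gid, 0o6555)
    safe  = apply_owner_then_mode(f.path, uid, gid, 0o6555)
    { naive: naive, safe: safe, lost_bits: (0o6555 & ~naive) & SPECIAL_BITS }
  end
end

if __FILE__ == $PROGRAM_NAME
  r = demo
  printf("mode then owner: %04o (lost %04o)\n", r[:naive], r[:lost_bits])
  printf("owner then mode: %04o\n", r[:safe])
end
```

The value reported for the first ordering depends on the kernel and filesystem; the second ordering either ends at the requested mode or raises.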