Issue #5240 has been updated by Ian Neal.
Daniel Pittman wrote:
> I would honestly prefer a configuration setting, or `File { uid =>
> inherit, gid => inherit }` declaration of intent. Probably behind a
> regular deprecation pass and all, but even in 2.7.0.
I rather agree; once again, when recursing over a directory with specific
permissions, it would be rather nice to have the "inherit" intent, so that it
can use the current file's owner/group/mode if such is desired. Definitely if
owner/group/mode are not specified, Puppet should default to something else
sane, but taking away the ability to use the source file's mode limits one's
options.
No matter what is decided, this is certainly something worth pointing out at
every opportunity once the change goes into effect.
----------------------------------------
Bug #5240: Default ownership for newly created files when uid/gid are
unspecified
https://projects.puppetlabs.com/issues/5240#change-93936
* Author: Markus Falb
* Status: Accepted
* Priority: Normal
* Assignee: Nigel Kersten
* Category: file
* Target version:
* Affected Puppet version: 0.25.0
* Keywords:
* Branch:
----------------------------------------
file { "/bla/bla.txt":
ensure => file,
source => "puppet:///bla/bla.txt",
}
The file on puppetmaster belongs to user x with uid y and it is created on the
client with uid y whatever user this translates to.
A user for uid y may or may not exists on the client. uids/gids on puppetmaster
and puppetd are not necessarily synchronised. If I forget to set a ownership
explicitly possibly unrelated users on the client may access files. This
behaviour is potentially unsecure.
On puppetmaster (note the -n switch):
#$ ls -n bla.txt
-rw-r--r-- 1 502 301 4 8 Nov 16:25 bla.txt
The result on the client (user/group does not exist):
#$ ls -l bla.txt
-rw-r--r-- 1 502 301 4 Nov 8 16:39 bla.txt
Expected behaviour: I would like to rely on reasonable defaults. When no
user/group is explicitly defined, files should be created with ownership of the
user puppet runs as:
#$ ls -l bla.txt
-rw-r--r-- 1 root root 4 Nov 8 16:39 bla.txt
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-bugs.
For more options, visit https://groups.google.com/groups/opt_out.
