Judd Maltin wrote:
> This code:
>
>
> file { '/tmp/default':
> ensure => directory,
> mode => '666'
> }
>
> produces:
>
> r...@blah# ls -la /tmp/default/
> total 16
> drwxrwxrwx 2 root root 4096 2009-07-27 16:21 .
>
> That is a major security issue. I cannot recommend Puppet to my
> clients if I get different results on my filesystem than from my
> manifest.
>
> Is there a consistent culture or policy in the Puppet community to
> override explicit security configurations? It must be explicitly
> avoided in an audit, if that's the case. If there is no policy,
> perhaps we should define one?
>
> Thanks a lot!
> -judd
>
To clarify, this is like complaining umask works differently for
directories than files.
[~/Desktop] > umask
0077
(jmcdon...@jmcdonag) Mon Jul 27 04:48 PM /dev/pts/3
[~/Desktop] > mkdir test
(jmcdon...@jmcdonag) Mon Jul 27 04:48 PM /dev/pts/3
[~/Desktop] > ls -ld test
drwx------ 2 jmcdonagh jmcdonagh 4096 2009-07-27 16:48 test
(jmcdon...@jmcdonag) Mon Jul 27 04:48 PM /dev/pts/3
[~/Desktop] > touch testfile
(jmcdon...@jmcdonag) Mon Jul 27 04:48 PM /dev/pts/3
[~/Desktop] > ls -l testfile
-rw------- 1 jmcdonagh jmcdonagh 0 2009-07-27 16:48 testfile
(jmcdon...@jmcdonag) Mon Jul 27 04:48 PM /dev/pts/3
[~/Desktop] >
--
Joe McDonagh
Operations Engineer
www.colonfail.com
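
An added example, not part of either message above and not Puppet's own code: Puppet's `file` type documents that, for directories, it sets the search (x) bit wherever the read bit is set, which is why mode `666` lands on disk as `drwxrwxrwx`. The Ruby sketch below models that rule, the umask analogy from the reply, and a small audit check; all helper names are hypothetical.

```ruby
require 'tmpdir'

# Hypothetical helper modelling the directory rule seen in the thread:
# add search (x) for each of user/group/other that has read (r).
def effective_dir_mode(requested)
  mode = requested
  mode |= 0o100 if (requested & 0o400) != 0
  mode |= 0o010 if (requested & 0o040) != 0
  mode |= 0o001 if (requested & 0o004) != 0
  mode
end

# The umask analogy: one umask, but mkdir starts from 0777 and
# file creation (touch) starts from 0666.
def umask_result(umask, directory:)
  base = directory ? 0o777 : 0o666
  base & ~umask & 0o7777
end

# Audit check: compare the on-disk mode with what the manifest mode
# expands to, and flag world-writable directories lacking the sticky bit.
def audit_dir(path, manifest_mode)
  actual = File.stat(path).mode & 0o7777
  expected = effective_dir_mode(manifest_mode)
  findings = []
  findings << :drift if actual != expected
  if (actual & 0o002) != 0 && (actual & 0o1000).zero?
    findings << :world_writable_no_sticky
  end
  { expected: format('%04o', expected),
    actual: format('%04o', actual),
    findings: findings }
end

# Constructed scenario: a scratch directory given the mode that a
# manifest mode of 666 expands to, then audited.
def demo
  Dir.mktmpdir do |tmp|
    dir = File.join(tmp, 'default')
    Dir.mkdir(dir)
    File.chmod(effective_dir_mode(0o666), dir)
    audit_dir(dir, 0o666)
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

The audit reports no drift for this case: the directory matches what the manifest mode expands to, and the world-writable finding comes from the `666` request itself, not from the added search bits.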