I ran into an issue where I was trying to set the owner and group on authorized_keys using a file resource. I didn't realize that the ssh_authorized_keys provider will automatically set the gid to the primary group of the owner of the puppetd process (in my case, root). So if a key was added after the file resource was processed, my group would change from the user's group to root. If it was added before, the ownership would be correct. I removed File["~/.ssh/authorized_keys"] and let the provider manage it.

Since you don't have an authorized_keys file resource, I would expect your authorized_keys to always have a group of root (if you are running puppet as root). I'm not sure why the owner is changing to root though. You may be running into this bug: http://projects.puppetlabs.com/issues/5395

On Feb 3, 4:26 pm, Arnau Bria <[email protected]> wrote:
> Hi,
>
> I sometimes get a strange problem with some user's authorized_keys file.
> The file should belong to user:users_group but puppet sets it as
> root:root:
>
> i.e:
>
> err: /Stage[os]/Computing_ssh/Ssh_authorized_key[[email protected]]:
> Could not evaluate: Permission denied - /home/neuroadm/.ssh/authorized_keys
>
> # ls -lsa /home/neuroadm/.ssh/
> total 12
> 4 drwx------ 2 neuroadm neuro 4096 Feb 3 21:02 .
> 4 drwx------ 3 neuroadm neuro 4096 Feb 3 21:02 ..
> 4 -rw------- 1 root root 578 Feb 3 21:02 authorized_keys
>
> My code looks like:
>
> file {
>     'ssh_neuroadm' :
>         name => '/home/neuroadm/.ssh',
>         owner => 'neuroadm',
>         group => 'neuro',
>         mode => 700,
>         ensure => directory,
>         require => File['home_neuroadm'];
>     'home_neuroadm' :
>         name => '/home/neuroadm/',
>         owner => 'neuroadm',
>         group => 'neuro',
>         mode => 700,
>         ensure => directory;
>
>     '[email protected]' :
>         user => 'neuroadm',
>         key => 'Key';
>
> The most strange thing is that it works sometimes and sometimes not...
>
> The problem is solved if I remove .ssh dir and rerun puppet.
>
> Anyone could help to find a reasonable explanation for this behaviour?
>
> TIA,
> Arnau
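
Added example, not part of the original thread and not Puppet's own code: a small audit that reports every `authorized_keys` file whose owner or group differs from that of its `.ssh` directory, which is the state shown in the `ls` output above. Treating the `.ssh` directory's ownership as the expected value, and the function names `compare_owner` and `audit_home`, are assumptions of this example.

```python
import grp
import os
import pwd
from pathlib import Path


def _name(lookup, ident, field):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return getattr(lookup(ident), field)
    except KeyError:
        return str(ident)


def compare_owner(dir_st, file_st):
    """Compare authorized_keys ownership with its .ssh directory's ownership.

    Assumption of this example: the directory's owner/group is the expected one.
    """
    findings = []
    if file_st.st_uid != dir_st.st_uid:
        findings.append("owner %s, expected %s" % (
            _name(pwd.getpwuid, file_st.st_uid, "pw_name"),
            _name(pwd.getpwuid, dir_st.st_uid, "pw_name")))
    if file_st.st_gid != dir_st.st_gid:
        findings.append("group %s, expected %s" % (
            _name(grp.getgrgid, file_st.st_gid, "gr_name"),
            _name(grp.getgrgid, dir_st.st_gid, "gr_name")))
    return findings


def audit_home(home_root="/home"):
    """Return {path: findings} for every <home_root>/*/.ssh/authorized_keys."""
    results = {}
    for home in sorted(Path(home_root).iterdir()):
        ssh_dir = home / ".ssh"
        keyfile = ssh_dir / "authorized_keys"
        try:
            findings = compare_owner(os.stat(ssh_dir), os.lstat(keyfile))
        except (FileNotFoundError, NotADirectoryError):
            continue  # no .ssh directory or no key file for this entry
        except OSError as exc:
            findings = ["could not stat: %s" % exc]
        if findings:
            results[str(keyfile)] = findings
    return results


if __name__ == "__main__":
    for path, problems in audit_home().items():
        print(path, "->", "; ".join(problems))
```

Run it as root after a Puppet run so every home directory is readable; an empty result means no key file has drifted from its directory's ownership.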
