I have seen this issue for sure many times. I always forget this and when I see it while running with --noop, I change the owner and the group on the file resource. I am +1 on fixing this to have a more deterministic behaviour.

Best,
Nikola

On Thu, Feb 07, 2013 at 05:48:58PM -0800, Josh Cooper wrote:
> Recently, the issue of copying file modes from remote sources was discussed
> on the puppet-users mailing list[1], although it equally applies to owner
> and group.
>
> One issue is what permissions to apply to newly created files when none are
> specified? Historically, Puppet has always copied the permissions from the
> file source to the newly created one. However, this causes problems on
> Windows[2] agents due to the way that Puppet emulates POSIX permissions. We
> break NTFS access control inheritance to ensure the effective permissions
> are not greater than what Puppet has granted. It also causes problems on
> *nix agents, when the files' source is remote and uid/gids are not
> synchronized.
>
> A second, but related issue, is that Puppet applies the same
> copy-permissions logic to files that already exist. This goes against what
> jcbollinger said, "unmanaged resources and resource properties should not
> be modified by Puppet"[3], and what Nigel said, "A core principle of Puppet
> is that you can choose to only manage the attributes of a resource that you
> care about, and can leave the rest unmanaged."[4] However, this "bug" has
> been around so long, at least 0.24.8, that we can't change behaviors in a
> minor release.[5]
>
> Patrick and I talked about this and would like to propose adding a file
> parameter, something like `use_source_permissions`. If true and permissions
> are unspecified, Puppet would continue copying source permissions as it
> does today, for both newly created and existing files. This would be the
> default.
>
> If false and permissions are unspecified, Puppet would never copy them from
> the source. Instead the permission defaults for newly created files would
> be based on the user that Puppet is running as. And the permissions for
> existing files would be unmodified.
>
> Doing so would provide a mechanism for resolving both #5240 and #18931.
>
> Comments and feedback welcome.
>
> Josh
>
> [1] https://groups.google.com/forum/#!msg/puppet-users/CI7pEUHknm4/x-hCGJn6Ms8J
> [2] https://projects.puppetlabs.com/issues/18931
> [3] https://groups.google.com/d/msg/puppet-users/CI7pEUHknm4/VtCl9YmeIS0J
> [4] http://projects.puppetlabs.com/issues/5240#note-16
> [5] https://projects.puppetlabs.com/issues/5240
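
The cases of the quoted proposal (flag true or false, target file new or existing), modeled in Ruby as an added example; this is not Puppet's code and not part of the thread. `resolve_permissions`, `unrequested_changes` and the sample uid/gid/mode values are hypothetical, and treating "unspecified" separately for each of owner, group and mode is an assumption.

```ruby
# Model of the proposed `use_source_permissions` semantics (hypothetical names,
# not Puppet's implementation). "Unspecified" is evaluated per property: assumption.
PROPS = [:owner, :group, :mode].freeze

# manifest: properties set explicitly on the file resource (may be empty)
# source:   owner/group/mode reported for the remote source file
# existing: current properties of the target file, or nil if it does not exist
# run_as:   defaults derived from the user Puppet runs as (used for new files)
def resolve_permissions(manifest:, source:, existing:, run_as:, use_source_permissions: true)
  PROPS.each_with_object({}) do |prop, result|
    result[prop] =
      if manifest.key?(prop)
        { value: manifest[prop], origin: :manifest }       # explicit value always wins
      elsif use_source_permissions
        { value: source[prop], origin: :source }           # behaviour described as today's
      elsif existing
        { value: existing[prop], origin: :unmanaged }      # existing file left untouched
      else
        { value: run_as[prop], origin: :run_as_default }   # new file: defaults of the running user
      end
  end
end

# Properties of an existing file that would change although the manifest never set them.
# With unsynchronized uid/gids these are the changes an operator did not ask for.
def unrequested_changes(result, existing)
  return [] unless existing
  result.select { |prop, r| r[:origin] == :source && r[:value] != existing[prop] }.keys
end

# Constructed sample data: uid/gid 501 exists on the file server, not on the agent.
SOURCE   = { owner: 501, group: 501, mode: '0664' }.freeze
EXISTING = { owner: 0, group: 0, mode: '0600' }.freeze
RUN_AS   = { owner: 0, group: 0, mode: '0644' }.freeze
MANIFEST = { mode: '0640' }.freeze # only mode is managed explicitly

if __FILE__ == $PROGRAM_NAME
  [true, false].each do |flag|
    [EXISTING, nil].each do |existing|
      r = resolve_permissions(manifest: MANIFEST, source: SOURCE, existing: existing,
                              run_as: RUN_AS, use_source_permissions: flag)
      state = existing ? 'existing' : 'new'
      puts "flag=#{flag} #{state}: #{r.transform_values { |v| v.values_at(:value, :origin) }}"
      puts "  unrequested changes: #{unrequested_changes(r, existing)}"
    end
  end
end
```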
