On Friday, February 8, 2013 6:56:55 AM UTC-6, nikolavp wrote:
>
> I have seen this issue for sure many times. I always forget this and
> when I see it while running with --noop, I change the owner and the
> group on the file resource. I am +1 on fixing this to have a more
> deterministic behaviour
>

It seems like a good idea, though to maintain backwards compatibility, would it be better to have the proposed fix default to false (i.e., maintain current behavior)?

> Best,
> Nikola
>
> On Thu, Feb 07, 2013 at 05:48:58PM -0800, Josh Cooper wrote:
> > Recently, the issue of copying file modes from remote sources was discussed
> > on the puppet-users mailing list[1], although it equally applies to owner
> > and group.
> >
> > One issue is what permissions to apply to newly created files when none are
> > specified? Historically, Puppet has always copied the permissions from the
> > file source to the newly created one. However, this causes problems on
> > Windows[2] agents due to the way that Puppet emulates POSIX permissions. We
> > break NTFS access control inheritance to ensure the effective permissions
> > are not greater than what Puppet has granted. It also causes problems on
> > *nix agents, when the files' source is remote and uid/gids are not
> > synchronized.
> >
> > A second, but related issue, is that Puppet applies the same
> > copy-permissions logic to files that already exist. This goes against what
> > jcbollinger said, "unmanaged resources and resource properties should not
> > be modified by Puppet"[3], and what Nigel said, "A core principle of Puppet
> > is that you can choose to only manage the attributes of a resource that you
> > care about, and can leave the rest unmanaged."[4] However, this "bug" has
> > been around so long, at least 0.24.8, that we can't change behaviors in a
> > minor release.[5]
> >
> > Patrick and I talked about this and would like to propose adding a file
> > parameter, something like `use_source_permissions`. If true and permissions
> > are unspecified, Puppet would continue copying source permissions as it
> > does today, for both newly created and existing files. This would be the
> > default.
> >
> > If false and permissions are unspecified, Puppet would never copy them from
> > the source. Instead the permission defaults for newly created files would
> > be based on the user that Puppet is running as. And the permissions for
> > existing files would be unmodified.
> >
> > Doing so would provide a mechanism for resolving both #5240 and #18931.
> >
> > Comments and feedback welcome.
> >
> > Josh
> >
> > [1] https://groups.google.com/forum/#!msg/puppet-users/CI7pEUHknm4/x-hCGJn6Ms8J
> > [2] https://projects.puppetlabs.com/issues/18931
> > [3] https://groups.google.com/d/msg/puppet-users/CI7pEUHknm4/VtCl9YmeIS0J
> > [4] http://projects.puppetlabs.com/issues/5240#note-16
> > [5] https://projects.puppetlabs.com/issues/5240
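
An added example, not part of the original thread or Puppet's own code: a small lint pass that flags `file` resources with a `source` but no explicit `owner`, `group` or `mode`, which are the resources affected by the copy-from-source behaviour discussed above. The sample manifest, the function name and the simplified regex matching (one attribute per line, no nested braces) are assumptions made for illustration.

```python
import re

# Constructed sample manifest for illustration (not taken from the thread).
SAMPLE_MANIFEST = """
file { '/etc/app/app.conf':
  ensure => file,
  source => 'puppet:///modules/app/app.conf',
}
file { '/etc/app/secret.key':
  ensure => file,
  source => 'puppet:///modules/app/secret.key',
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
}
file { '/var/log/app':
  ensure => directory,
}
file { '/etc/app/motd':
  source => 'puppet:///modules/app/motd',
  mode   => '0644',
}
"""

PERMISSION_ATTRS = ("owner", "group", "mode")
# Simplified matcher: file { 'title': ... } with no nested braces in the body.
FILE_RESOURCE = re.compile(
    r"\bfile\s*\{\s*(['\"])(?P<title>.+?)\1\s*:(?P<body>[^{}]*)\}", re.S)
ATTRIBUTE = re.compile(r"^\s*(\w+)\s*=>", re.M)

def find_implicit_permissions(manifest):
    """Map each sourced file resource to the permission attributes it leaves
    unspecified, i.e. the ones Puppet would copy from the source."""
    findings = {}
    for match in FILE_RESOURCE.finditer(manifest):
        attrs = set(ATTRIBUTE.findall(match.group("body")))
        if "source" not in attrs:
            continue  # no source, so nothing to copy permissions from
        missing = [a for a in PERMISSION_ATTRS if a not in attrs]
        if missing:
            findings[match.group("title")] = missing
    return findings

if __name__ == "__main__":
    for title, missing in find_implicit_permissions(SAMPLE_MANIFEST).items():
        print(f"{title}: {', '.join(missing)} would be copied from the source")
```
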
