Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Josh Cooper commented on PUP-6936 Re: unable to read last_run_summary.yaml from user This issue is a result of the puppet-agent package, see https://github.com/puppetlabs/puppet-agent/commit/afe62853124860990fd83b8b7e4c50622c01c95f. This change was made because the cache directory can contain sensitive information such as the cached catalog and reports. Since this is an issue with puppet-agent packaging, I'm going to move it to the PA project. Also one workaround is to configure puppet to save the last_run_summary.yaml file to a different directory which is world readable, such as Puppet[:lastrunfile] = /opt/puppetlabs/puppet/last_run_summary.yaml. Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.162128.1479524999000.80451.1591399440131%40Atlassian.JIRA.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Josh Cooper updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Josh Cooper Sprint: Platform Core Grooming Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Nicky Kernohan commented on PUP-6936 Re: unable to read last_run_summary.yaml from user Thanks Branan Riley, could we try and get changing the permissions on the last_run_summary into future sprint? Thank you Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Jorie Tappa updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Jorie Tappa Sprint: Platform Core Grooming Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Jorie Tappa updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Jorie Tappa Team: Platform OS Coremunity Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Marcel commented on PUP-6936 Re: unable to read last_run_summary.yaml from user Hey, any news on this? The problem are the permissions on /opt/puppetlabs/puppet/cache, they are 750. Thanks Marcel Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Nicky Kernohan commented on PUP-6936 Re: unable to read last_run_summary.yaml from user Hi, any updates? If the change in the perms for the summary is fairly straightforward, can we try and aim to get this into the next Z release? Thanks Nicky Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Branan Riley commented on PUP-6936 Re: unable to read last_run_summary.yaml from user Puppet frequently manages sensitive information, and its various caches, states, and logs can contain that. Most of the cache directory really /shouldn't/ be all world-readable. That's asking for someone else to come along and file a ticket that we're leaking information. That being said, last_run_summary should be safe. I don't see why that couldn't be set to 644 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Nicky Kernohan commented on PUP-6936 Re: unable to read last_run_summary.yaml from user Would it be possible to open up the whole cache dir to 755 permissions? Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Nicky Kernohan updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Nicky Kernohan Affects Version/s: PUP 5.5.z Zendesk Ticket IDs: https://puppetlabs.zendesk.com/agent/tickets/30947https://puppetlabs.zendesk.com/agent/tickets/29674 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Nicky Kernohan updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Nicky Kernohan Zendesk Ticket IDs: https://puppetlabs.zendesk.com/agent/tickets/30947https://puppetlabs.zendesk.com/agent/tickets/29674 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Branan Riley updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Branan Riley Labels: puppet-agent daemon logging permissions Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Craig Gomes updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Craig Gomes Team: Platform Core OS Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Owen Rodabaugh updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Owen Rodabaugh CS Priority: Needs Priority Reviewed CS Impact: Customer wants to use this file to monitor their agent runs and not run monitoring as the root user which causes file to be inaccessible without other action to move it or change permissions. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Adam Bottchen updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Adam Bottchen CS Priority: Normal Needs Priority Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Nicky Kernohan updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Nicky Kernohan CS Priority: Normal CS Impact: Customer wants to use this file to monitor their agent runs CS Severity: 3 - Serious CS Business Value: 2 - $$$ CS Frequency: 1 - 1-5% of Customers Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Nicky Kernohan updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Nicky Kernohan Zendesk Ticket IDs: https://puppetlabs.zendesk.com/agent/tickets/29674 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Nicky Kernohan updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Nicky Kernohan Zendesk Ticket IDs: https://puppetlabs.zendesk.com/agent/tickets/29674 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Nicky Kernohan updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Nicky Kernohan Method Found: Customer Feedback Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Maggie Dreyer updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Maggie Dreyer Labels: puppet-agent triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Geoff Nichols Sprint: Agent Accepted Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Geoff Nichols Sprint: AP Holding Grooming Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Geoff Nichols Sprint: AP Grooming Holding Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Geoff Nichols Sprint: AP Holding Grooming Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Geoff Nichols Sprint: AP Grooming Holding Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Moses Mendoza updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Moses Mendoza Team: Agent & Platform Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Moses Mendoza updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Moses Mendoza Sprint: AP Grooming Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Moses Mendoza commented on PUP-6936 Re: unable to read last_run_summary.yaml from user It appears this has been the case since the introduction of the puppet-agent package when these things moved under cache. It looks like it might go back further though, as in the last version shipped as the 'puppet' package (by Puppet that is), 3.8.7, the last_run_summary.yaml and its parent directory are world readable, but /var/lib/puppet isn't: [root@rhel7 puppet]# ls -l /var/lib ... drwxr-x---. 12 puppet puppet 4096 Oct 7 14:11 puppet ... [root@rhel7 puppet]# puppet --version 3.8.7 [root@rhel7 puppet]# ls -l /var/lib/puppet/ total 0 drwxr-x---. 2 root root6 Oct 7 14:11 clientbucket
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title R.I.Pienaar commented on PUP-6936 Re: unable to read last_run_summary.yaml from user last_run_report should not be readable, last_run_summary should but as you say, on puppet-agent packages: drwxr-x--- 14 root root 4096 Oct 31 22:59 /opt/puppetlabs/puppet/cache is the real problem preventing it Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title
Daniele Palumbo updated an issue
Puppet / PUP-6936
unable to read last_run_summary.yaml from user
Change By:
Daniele Palumbo
The last_run_summary.yaml is not readable by users.Editing since the first publishing, because i have noticed that i have mixed puppetlabs packages and debian packages. Detailed of packages installed:Evidence on puppetlabs package:{code:java}root@x:~# dpkg -l puppet-agentDesired=Unknown/Install/Remove/Purge/Hold| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)||/ Name Version Architecture Description+++-==---=ii puppet-agent 1.8.0-1jessi amd64The Puppet Agent package containsroot@x:~# {code}Evidence on debian package:{code:java}root@y:~# dpkg -l puppetDesired=Unknown/Install/Remove/Purge/Hold| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)||/ Name Version Architecture Description+++-==---=ii puppet 3.7.2-4 all configuration management system, root@y:~# {code} Based on old tickets:https://projects.puppetlabs.com/issues/15471, https://github.com/puppetlabs/puppet/commit/0f13cf5Here is stated that the file read last_run_summary.yaml should be world readable.Evidence on puppetlabs package:{code:java}root@x:~# puppet config print lastrunreport/opt/puppetlabs/puppet/cache/state/last_run_report.yamlroot@x:~# ls -la /opt/puppetlabs/puppet/cache/state/last_run_report.yaml-rw-r- 1 root root 117739 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/last_run_report.yamlroot@x:~# {code}Evidence on debian package:{code:java}root@y:~# puppet config print lastrunreport/var/lib/puppet/state/last_run_report.yamlroot@y:~# ls -la /var/lib/puppet/state/last_run_report.yaml-rw-r- 1 root root 118278 Nov 19 11:03 /var/lib/puppet/state/last_run_report.yamlroot@y:~# {code}https://tickets.puppetlabs.com/browse/PUP-3163, https://tickets.puppetlabs.com/browse/PUP-3156Here is stated that the directory /var/lib/puppet/state/ and /var/lib/puppet/reports, need to be at least world readable.And currently that directory are world readable.Evidence on puppetlabs package:{code:java}root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/state/ drwxr-xr-t 3 root root 4096 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/ drwxr-x--- 10 puppet puppet 4096 May 3 2016 /opt/puppetlabs/puppet/cache/root@x:/etc/puppetlabs/code/environments/development# {code}Evidence on debian package:{code:java}root@y:~# ls -ld /var/lib/puppet/state/drwxr-xr-t 3 puppet puppet 4096 Nov 19 11:03 /var/lib/puppet/state/root@y:~# ls -ld /var/lib/puppet/ drwxr-x--- 9 puppet puppet 4096 May 16 2016 /var/lib/puppet/root@y:~# {code}Based on that condition, /var/lib/puppet/state/last_run_report.yamlis not world readable.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Daniele Palumbo updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Daniele Palumbo Environment: Debian Jessiepuppetlabs repository and debian repository root@x:~# dpkg -l puppetDesired=Unknown/Install/Remove/Purge/Hold| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)||/ Name Version Architecture Description+++-==---=ii puppet 3.7.2-4 all configuration management system, root@x:~# Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title
Daniele Palumbo updated an issue
Puppet / PUP-6936
unable to read last_run_summary.yaml from user
Change By:
Daniele Palumbo
The last_run_summary.yaml is not readable by users.Editing since the first publishing, because i have noticed that i have mixed puppetlabs packages and debian packages.Based on old tickets:https://projects.puppetlabs.com/issues/15471, https://github.com/puppetlabs/puppet/commit/0f13cf5Here is stated that the file read last_run_summary.yaml should be world readable.Evidence on puppetlabs package:{code:java}root@x:~# puppet config print lastrunreport/opt/puppetlabs/puppet/cache/state/last_run_report.yamlroot@x:~# ls -la /opt/puppetlabs/puppet/cache/state/last_run_report.yaml-rw-r- 1 root root 117739 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/last_run_report.yamlroot@x:~# {code}Evidence on debian package: {code:java} root@ x y :~# puppet config print lastrunreport/var/lib/puppet/state/last_run_report.yamlroot@ x y :~# ls -la /var/lib/puppet/state/last_run_report.yaml-rw-r- 1 root root 118278 Nov 19 11:03 /var/lib/puppet/state/last_run_report.yamlroot@ x y :~# {code} https://tickets.puppetlabs.com/browse/PUP-3163, https://tickets.puppetlabs.com/browse/PUP-3156Here is stated that the directory /var/lib/puppet/state/ and /var/lib/puppet/reports, need to be at least world readable.And currently that directory are world readable.Evidence on puppetlabs package: {code:java} root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/state/ drwxr-xr-t 3 root root 4096 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/ drwxr-x--- 10 puppet puppet 4096 May 3 2016 /opt/puppetlabs/puppet/cache/root@x:/etc/puppetlabs/code/environments/development# {code} Evidence on debian package: rroot {code:java}root @ x y :~# ls -ld /var/lib/puppet/state/drwxr-xr-t 3 puppet puppet 4096 Nov 19 11:03 /var/lib/puppet/state/root@ x y :~# ls -ld /var/lib/puppet/ drwxr-x--- 9 puppet puppet 4096 May 16 2016 /var/lib/puppet/root@ x y :~# {code} Based on that condition, /var/lib/puppet/state/last_run_report.yamlis not world readable.
Add Comment
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title
Daniele Palumbo updated an issue
Puppet / PUP-6936
unable to read last_run_summary.yaml from user
Change By:
Daniele Palumbo
The last_run_summary.yaml is not readable by users.Editing since the first publishing, because i have noticed that i have mixed puppetlabs packages and debian packages.Based on old tickets:https://projects.puppetlabs.com/issues/15471, https://github.com/puppetlabs/puppet/commit/0f13cf5Here is stated that the file read last_run_summary.yaml should be world readable.Evidence on puppetlabs package: {code:java} root@x:~# puppet config print lastrunreport/opt/puppetlabs/puppet/cache/state/last_run_report.yamlroot@x:~# ls -la /opt/puppetlabs/puppet/cache/state/last_run_report.yaml-rw-r- 1 root root 117739 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/last_run_report.yamlroot@x:~# {code} Evidence on debian package:root@x:~# puppet config print lastrunreport/var/lib/puppet/state/last_run_report.yamlroot@x:~# ls -la /var/lib/puppet/state/last_run_report.yaml-rw-r- 1 root root 118278 Nov 19 11:03 /var/lib/puppet/state/last_run_report.yamlroot@x:~# https://tickets.puppetlabs.com/browse/PUP-3163, https://tickets.puppetlabs.com/browse/PUP-3156Here is stated that the directory /var/lib/puppet/state/ and /var/lib/puppet/reports, need to be at least world readable.And currently that directory are world readable.Evidence on puppetlabs package:root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/state/ drwxr-xr-t 3 root root 4096 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/ drwxr-x--- 10 puppet puppet 4096 May 3 2016 /opt/puppetlabs/puppet/cache/root@x:/etc/puppetlabs/code/environments/development# Evidence on debian package:rroot@x:~# ls -ld /var/lib/puppet/state/drwxr-xr-t 3 puppet puppet 4096 Nov 19 11:03 /var/lib/puppet/state/root@x:~# ls -ld /var/lib/puppet/ drwxr-x--- 9 puppet puppet 4096 May 16 2016 /var/lib/puppet/root@x:~# Based on that condition, /var/lib/puppet/state/last_run_report.yamlis not world readable.
Add Comment
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Daniele Palumbo updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Daniele Palumbo The last_run_summary.yaml is not readable by users. Editing since the first publishing, because i have noticed that i have mixed puppetlabs packages and debian packages. Based on old tickets:https://projects.puppetlabs.com/issues/15471, https://github.com/puppetlabs/puppet/commit/0f13cf5Here is stated that the file read last_run_summary.yaml should be world readable. And currently the file is world readable Evidence on puppetlabs package:root@x:~# puppet config print lastrunreport/opt/puppetlabs/puppet/cache/state/last_run_report . yaml root@x:~# ls -la /opt/puppetlabs/puppet/cache/state/last_run_report.yaml -rw-r- 1 root root 117739 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/last_run_report.yamlroot@x:~# Evidence on debian package :root@x:~# puppet config print lastrunreport/var/lib/puppet/state/last_run_report.yamlroot@x:~# ls -la /var/lib/puppet/state/ last_run_summary last_run_report .yaml-rw-r-- r -- - 1 root root 736 118278 Nov 19 03 11 : 44 03 /var/lib/puppet/state/ last_run_summary last_run_report .yamlroot@x:~# https://tickets.puppetlabs.com/browse/PUP-3163, https://tickets.puppetlabs.com/browse/PUP-3156Here is stated that the directory /var/lib/puppet/state/ and /var/lib/puppet/reports, need to be at least world readable.And currently that directory are world readable.Evidence on puppetlabs package :root@x: ~ /etc/puppetlabs/code/environments/development # ls - la lad / var opt / lib puppetlabs /puppet/ total 60* cache/state/ drwxr- x--- 15 puppet puppet 4096 May 3 2016 .*drwxr- xr- x 47 root root 4096 May t 3 2016 ..drwxr-x--- 3 root root 4096 Nov 30 2014 client_datadrwxr-x--- 3 root root 4096 Nov 25 2014 client_yamldrwxr-x--- 6 root root 4096 Jul 12 00 19 10 :54 clientbucket /opt/puppetlabs/puppet/cache/state/ drwxr-xr-x 4 root root 4096 Jan 27 2016 concatdrwxr-xr- @ x 2 root root 4096 Nov 21 2014 factsdrwxr-xr-x 2 root root 4096 Jun 6 13 : 18 facts.ddrwxr /etc/puppetlabs/code/environments/development# ls - xr-x 8 root root 4096 Nov 19 02:17 lib lad /opt/puppetlabs/puppet/cache/ drwxr- xr- x 2 root root 4096 Nov 25 2014 logdrwxr - x -- - 2 10 puppet puppet 4096 May 3 2016 previewdrwxr-xr-x 2 /opt/puppetlabs/ puppet puppet 4096 Nov 28 2014 reports /cache/ drwxrwxrwt 2 root root 4096 Nov 25 2014 run @x:/etc/puppetlabs/code/environments/development# drwxrwx-- Evidence on debian package:rroot@ x 7 :~# ls -ld /var/lib/ puppet puppet 4096 Nov 28 2014 ssl /state/ drwxr-xr-t 3 puppet puppet 4096 Nov 19 03 11 : 43 03 /var/lib/puppet/ state / root@x:~# But as you can see above, the whole * ls -ld /var/lib/puppet * / drwxr-x--- 9 puppet puppet 4096 May 16 2016 /var/lib/puppet/ is not world accessible nor readable. root@x:~# Based on that condition, /var/lib/puppet/state/last_run_report.yamlis not world readable. Setting chmod +x /var/lib/puppetis sufficient to solve the problem.Runningpuppet agent -tdo not revert the permission.
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Daniele Palumbo updated an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Change By: Daniele Palumbo The last_run_summary.yaml is not readable by users.Based on old tickets:https://projects.puppetlabs.com/issues/15471, https://github.com/puppetlabs/puppet/commit/0f13cf5Here is stated that the file read last_run_summary.yaml should be world readable.And currently the file is world readable.Evidence:root@x:~# ls -la /var/lib/puppet/state/last_run_summary.yaml-rw-r--r-- 1 root root 736 Nov 19 03:44 /var/lib/puppet/state/last_run_summary.yamlroot@x:~# https://tickets.puppetlabs.com/browse/PUP-3163, https://tickets.puppetlabs.com/browse/PUP-3156Here is stated that the directory /var/lib/puppet/state/ and /var/lib/puppet/reports, need to be at least world readable.And currently that directory are world readable.Evidence:root@x:~# ls -la /var/lib/puppet/total 60*drwxr-x--- 15 puppet puppet 4096 May 3 2016 .*drwxr-xr-x 47 root root 4096 May 3 2016 ..drwxr-x--- 3 root root 4096 Nov 30 2014 client_datadrwxr-x--- 3 root root 4096 Nov 25 2014 client_yamldrwxr-x--- 6 root root 4096 Jul 12 00:54 clientbucketdrwxr-xr-x 4 root root 4096 Jan 27 2016 concatdrwxr-xr-x 2 root root 4096 Nov 21 2014 factsdrwxr-xr-x 2 root root 4096 Jun 6 13:18 facts.ddrwxr-xr-x 8 root root 4096 Nov 19 02:17 libdrwxr-xr-x 2 root root 4096 Nov 25 2014 logdrwxr-x--- 2 puppet puppet 4096 May 3 2016 previewdrwxr-xr-x 2 puppet puppet 4096 Nov 28 2014 reportsdrwxrwxrwt 2 root root 4096 Nov 25 2014 rundrwxrwx--x 7 puppet puppet 4096 Nov 28 2014 ssldrwxr-xr-t 3 puppet puppet 4096 Nov 19 03:43 stateroot@x:~#But as you can see above, the whole */var/lib/puppet*is not world accessible nor readable.Based on that condition, /var/lib/puppet/state/last_run_report.yamlis not world readable. Setting chmod +x /var/lib/puppetis sufficient to solve the problem.Runningpuppet agent -tdo not revert the permission. Add Comment This
Jira (PUP-6936) unable to read last_run_summary.yaml from user
Title: Message Title Daniele Palumbo created an issue Puppet / PUP-6936 unable to read last_run_summary.yaml from user Issue Type: Bug Affects Versions: PUP 4.7.0 Assignee: Unassigned Created: 2016/11/18 7:09 PM Environment: Debian Jessie puppetlabs repository root@x:~# dpkg -l puppet Desired=Unknown/Install/Remove/Purge/Hold Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend / Err?=(none)/Reinst-required (Status,Err: uppercase=bad) / Name Version Architecture Description +++ == = ii puppet 3.7.2-4 all configuration management system, root@x:~# Labels:
