Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Glenn Sarti commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation Repro: Install Puppet agent 1.10.10 as Administrator WITHOUT puppet DNS entry existing Stop the puppet server Configure the DNS entry for puppet Start the puppet agent. This will connect to the puppet server (assuming autosign is ok) Note the permissions; PS C:\programdata\PuppetLabs\puppet> icacls .\cache\client_data .\cache\client_data BUILTIN\Administrators:(F) NT AUTHORITY\SYSTEM:(RX) Everyone:(Rc,S,RA) CREATOR OWNER:(CI)(IO)(F) CREATOR GROUP:(CI)(IO)(RX) CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC) CREATOR GROUP:(OI)(IO)(R) Successfully processed 1 files; Failed processing 0 files
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Geoff Nichols Sprint: Windows 2018-08-01 , Windows 2018-08-08 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation Builds for testing, based on the PA-2112 work, can be found at http://builds.delivery.puppetlabs.net/puppet-agent/dd653d0fe7e1e5c1b683f8e7c187079fbd327b89/artifacts/windows/ - note that this build is a 1.10.x series build. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Geoff Nichols assigned an issue to Glenn Sarti Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Geoff Nichols Assignee: Ethan Brown Glenn Sarti Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Geoff Nichols Story Points: 1 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Geoff Nichols Sprint: Windows Hopper 2018-08-01 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Glenn Sarti commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation Blocked on PA-2122. After which this should be "closed - won't fix" as it is no longer an issue. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Erick Banks updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Erick Banks Sprint: Windows Hopper Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Glenn Sarti commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation Josh Cooper Was that under cygwin or local cmd.exe session for the install ? Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Josh Cooper commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation FYI I can repro this by installing puppet-agent as a manual service. Run puppet config set server --section main. Then run puppet agent -t from an admin elevated cmd.exe shell. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation I have spun off PUP-6729 based on the comments I made above at https://tickets.puppetlabs.com/browse/PUP-5491?focusedCommentId=240030&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-240030 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Ethan Brown Fix Version/s: PUP 4.y Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Kenaz Kwa updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Kenaz Kwa Team: Agent & Platform Support Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ryan Gard updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Ryan Gard QA Contact: Ryan Gard Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Ethan Brown Fix Version/s: PUP 4.3.2 Fix Version/s: PUP 4.4.0 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Ethan Brown Sprint: Windows 2015-12-16 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation So in an effort to test a different permissions issue, I stripped off all access rights to a file, aside from Administrators: (R), and attempted to read it as SYSTEM. What I found is that SYSTEM can read the file. I found a reference in Mechanics of User Identification and Authentication that explains this. SYSTEM is an implicit / hidden member of the Administrators group, which can be verified by opening a psexec session as SYSTEM and running whoami /groups in it: C:\Users\Administrator\Downloads> psexec -s cmd.exe PsExec v2.11 - Execute processes remotely Copyright (C) 2001-2014 Mark Russinovich Sysinternals - www.sysinternals.com Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation Attached the diagram that we put together of mapping out the runs / perms (for catalog directory). The most interesting scenarios play out when Puppet is installed as a manual service, and the first run is started as Administrator, then the subsequent run is as SYSTEM. With --trace --debug --verbose on, we can see changes being made as the settings catalog is applied, typically in an order like this: Debug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys/vagrant-2008r2.corp.puppetlabs.net.pem]/mode: mode changed '0640' to '0644' Debug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem]/mode: mode changed '0640' to '0644' Debug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/vagrant-2008r2.corp.puppetlabs.net.pem]/mode: mode changed '0640' to '0644' Debug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/crl.pem]/mode: mode changed '0660' to '0644' Debug: /File[C:/ProgramData/PuppetLabs/puppet/cache/state/last_run_report.yaml]/mode: mode changed '0660' to '0640' Debug: /File[C:/ProgramData/PuppetLabs/puppet/cache/state/state.yaml]/m
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Ethan Brown Attachment: PUP-5491 Permissions Notes.jpg Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Steve Barlow updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Steve Barlow Fix Version/s: PUP 4.3.1 Fix Version/s: PUP 4.3.2 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Steve Barlow updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Steve Barlow Sprint: Windows 2015-12- 02 16 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation Another interesting validation would be to: Install the 1.3.0 agent Connect to a master through the service, making sure a few agent runs have been performed, certs have been exchanged, and catalog has been cached Get a full list of all the permissions under C:\ProgramData\PuppetLabs for each and every file / folder Install a newer package once this ticket is fixed Perform a puppet agent run with --trace --debug --verbose Get a full list of all the permissions under C:\ProgramData\PuppetLabs for each and every file / folder Diff the permissions to ensure the changes are sane Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this gr
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Ethan Brown Flagged: Impediment Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ethan Brown updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Ethan Brown Fix Version/s: PUP 4.3.1 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Steve Barlow updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Steve Barlow Flagged: Impediment Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Steve Barlow updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Steve Barlow Flagged: Impediment Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ryan Gard commented on PUP-5491 Re: The "client_data" Directory Permissions Incorrect After Installation Alternate Scenario Ethan Brown here is another reproduction of the issue. Environment PE Version: 2015.2.3 Master OS: CentOS 7 x64 Agent OS: Windows 2012 R2 x64 (SUT) Repro Steps Open a console and install the Puppet Agent onto the SUT (Note: The service is NOT disabled when the agent is installed): msiexec.exe /i puppet-agent-1.2.7.421.g9c0a93a-x64.msi /qn /L*V C:\Windows\TEMP\install-puppet.log Run the Puppet Agent on the SUT: puppet agent -t --server=centos7.vm --certname=w2012r2.vm Sign the the cert on the master: puppet cert sign --all Run the Puppet Agent on the SUT:
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Steve Barlow updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Steve Barlow Flagged: Impediment Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title
Josh Cooper commented on PUP-5491
Re: The "client_data" Directory Permissions Incorrect After Installation
Ryan Gard The reason for this behavior is because when puppet service runs as SYSTEM, the default DACL (analogous to umask) will cause any newly created file/dir to have owner Administrators (note plural) and group SYSTEM. And since puppet manages the mode as:
:client_datadir => {
:default => "$vardir/client_data",
:type => :directory,
:mode => "0750",
The group permissions for SYSTEM are set to RX. By comparison, when running in an elevated context (Administrator), then the owner will be you, and group will be None.
We've talked about always granting full control when SYSTEM is neither owner nor group, but we haven't implemented that change. IOW, I think the behavior you are seeing is expected, even though it results in a different desired state depending on who creates the files initially.
Also note, there is a secondary known issue (PUP-4684) whereby even if you change the mode to 0770 and SYSTEM is the group then it doesn't get full control, but should.
Add Comment
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title
Eric Thompson updated an issue
Puppet / PUP-5491
The "client_data" Directory Permissions Incorrect After Installation
Change By:
Eric Thompson
h1. DescriptionIf a user runs installs the Puppet Agent and allows the service to start after installation the ACE on the "client_data" directory will be incorrect:{noformat}C:\ProgramData\PuppetLabs\puppet>icacls.exe cache\client_datacache\client_data BUILTIN\Administrators:(F) NT AUTHORITY\SYSTEM:(RX) Everyone:(Rc,S,RA) CREATOR OWNER:(CI)(IO)(F) CREATOR GROUP:(CI)(IO)(RX) CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC) CREATOR GROUP:(OI)(IO)(R)Successfully processed 1 files; Failed processing 0 files{noformat}*Note*: This assumes that the "puppet" server does not actually exist. This would happen in the situation where a user will interactively install the MSI and leave the default "puppet" server name. After the installation the user would have to manually update the "puppet.conf" to point to the correct master server.h2. Attachments* Noneh2. Repro Steps# Open a console and install the [Puppet Agent|http://builds.puppetlabs.lan/puppet-agent/9c0a93a43b597dca2ce14485b635389b3dfbbeca/artifacts/windows/] onto the SUT (*Note*: The service is *NOT* disabled when the agent is installed):{noformat}msiexec.exe /i puppet-agent-1.2.7.421.g9c0a93a-x64.msi /qn /L*V C:\Windows\TEMP\install-puppet.log{noformat}# Get the ACL for the "C:\ProgramData\PuppetLabs\puppet\cache\client_data" directory:{noformat}cd C:\ProgramData\PuppetLabs\puppeticacls.exe cache\client_data{noformat}h2. ExpectThe ACE for SYSTEM should be full control.h2. ActualThe ACE for SYSTEM is only RX:{noformat}C:\ProgramData\PuppetLabs\puppet>icacls.exe cache\client_datacache\client_data BUILTIN\Administrators:(F) NT AUTHORITY\SYSTEM:(RX) Everyone:(Rc,S,RA) CREATOR OWNER:(CI)(IO)(F) CREATOR GROUP:(CI)(IO)(RX) CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC) CREATOR GROUP:(OI)(IO)(R)Successfully processed 1 files; Failed processing 0 files{noformat}
Add Comment
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title
Ryan Gard updated an issue
Puppet / PUP-5491
The "client_data" Directory Permissions Incorrect After Installation
Change By:
Ryan Gard
h1. DescriptionIf a user runs installs the Puppet Agent on a Windows node and allows the service to start after initial registration installation the ACE for SYSTEM is changed on the "client_data" directory will be incorrect :{noformat}C:\ProgramData\PuppetLabs\puppet>icacls.exe cache\client_datacache\client_data BUILTIN\Administrators:(F) NT AUTHORITY\SYSTEM:(RX) Everyone:(Rc,S,RA) CREATOR OWNER:(CI)(IO)(F) CREATOR GROUP:(CI)(IO)(RX) CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC) CREATOR GROUP:(OI)(IO)(R)Successfully processed 1 files; Failed processing 0 files{noformat} *Note*: This assumes that the "puppet" server does not actually exist. This would happen in the situation where a user will interactively install the MSI and leave the default "puppet" server name. After the installation the user would have to manually update the "puppet.conf" to point to the correct master server. h2. Attachments* Noneh2. Repro Steps# Open a console and install the [Puppet Agent|http://builds.puppetlabs.lan/puppet-agent/9c0a93a43b597dca2ce14485b635389b3dfbbeca/artifacts/windows/] onto the SUT (*Note*: The service is *NOT* disabled when the agent is installed):{noformat}msiexec.exe /i puppet-agent-1.2.7.421.g9c0a93a-x64.msi /qn /L*V C:\Windows\TEMP\install-puppet.log{noformat}# Get the ACL for the "C:\ProgramData\PuppetLabs\puppet\cache\client_data" directory:{noformat}cd C:\ProgramData\PuppetLabs\puppeticacls.exe cache\client_data{noformat}h2. ExpectThe ACE for SYSTEM should be full control.h2. ActualThe ACE for SYSTEM is only RX:{noformat}C:\ProgramData\PuppetLabs\puppet>icacls.exe cache\client_datacache\client_data BUILTIN\Administrators:(F) NT AUTHORITY\SYSTEM:(RX) Everyone:(Rc,S,RA) CREATOR OWNER:(CI)(IO)(F) CREATOR GROUP:(CI)(IO)(RX) CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC) CREATOR GROUP:(OI)(IO)(R)Successfully processed 1 files; Failed processing 0 files{noformat}
Add Comment
Jira (PUP-5491) The "client_data" Directory Permissions Incorrect After Installation
Title: Message Title Ryan Gard updated an issue Puppet / PUP-5491 The "client_data" Directory Permissions Incorrect After Installation Change By: Ryan Gard Summary: The "client_data" Directory Permissions are Changed Incorrect After Puppet Agent Run Installation Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
