On Wed, Feb 10, 2010 at 5:10 PM, jcbollinger <john.bollin...@stjude.org>wrote:
>
> On Feb 10, 3:21 pm, Anchi Zhang <anchi.zh...@gmail.com> wrote:
>
> [...]
>
> > file { "/etc/shadow":
> > source => "puppet:///solaris//etc/shadow",
> > }
>
> [...]
>
> > I get the following errors unless the source is world readable.
> >
> > On puppetmaster,
> >
> > err: Permission denied - /etc/puppet/manifests/solaris/etc/shadow
>
> [...]
>
> The puppetmasterd process needs to be able to read file to serve it.
> You shouldn't need to make it world-readable, however, if you change
> the file so that the puppetmasterd process's user owns it. In other
> words, if the puppetmasterd is running as user "puppet" then change
> the source file to be owned by puppet.
>
> You could work a similar trick by changing the file's group and making
> it group readable.
>
Thank you for the pointers. My thinking was that if puppetd was allowed to
do "owner => root" puppetmasterd should be able to read files owned by root,
without realizing puppetd was running as root.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
