On Mon, Jul 5, 2010 at 6:57 PM, Gabriel Filion <lelu...@gmail.com> wrote:
> On 2010-07-05 19:34, Douglas Garstang wrote:
>> First off, does anyone use the puppet built in nagios types?
>>
>> I just started to play with them, and I noticed that nagios_host
>> writes the nagios_host.cfg file as owned by root, and readable by
>> root, and no one else. Is there a reason for that? Since nagios runs as
>> the nagios user, it can't read the file. Sure, I can change the
>> ownership later with a file {}, but I shouldn't need to.
>>
>> -rw------- 1 root   root     294 Jul  5 16:30 nagios_host.cfg
>>
>> James, hope my tone is acceptable.
>>
>> Doug
>>
>
> This is probably the case since the puppet daemon must run as root to be
> able to install packages and create/remove/modify files. Also, the
> default umask for root is normally set to create files that are not
> accessible to everyone.
>
> As you mentioned, "file {...}" is probably the way to go:
>
>    file { nagios_resource_cfg:
>        path => "$nagios_basedir/resource.cfg",
>        source => [ ... ],
>        notify => Service['nagios'],
>        owner => root, group => nagios, mode => '0640';
>    }
>
> Another possibility would be to use (I haven't tested it yet)
>
>    File { owner => root, group => nagios, mode => '0640'; }
>
> inside the class in which you declare the nagios file resources so that
> those permissions are the default for the nagios config files.
>

Gabriel, thanks for the reply, but I don't really think that covers it.

Umask for my root user creates files that are world readable:

[r...@test01 ~]# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[r...@test01 ~]# touch foo
[r...@test01 ~]# ls -l foo
-rw-r--r-- 1 root root 0 Jul  5 20:00 foo

Also, none of the other files created by puppet types are set to be
readable only by root. I think this might be a bug in puppet.
Surprised no one has noticed it before.

Doug.
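
An added example, not part of the thread and not a statement about how Puppet writes the file: a 022 umask only clears bits from the mode the creating program requests, so a `touch`-style request of 0666 yields 0644 while an explicit request of 0600 stays 0600, and the owner/group/other check shows why the nagios user cannot read a root:root 0600 file but can read root:nagios 0640. The nagios uid/gid of 990 and the helper names are constructed for illustration.

```python
import os
import stat
import tempfile


def create_with_mode(path, requested_mode, umask=0o022):
    """Create path the way open(2) does and return the resulting permission bits."""
    old = os.umask(umask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, requested_mode)
        os.close(fd)
    finally:
        os.umask(old)  # restore the caller's umask
    return stat.S_IMODE(os.stat(path).st_mode)


def can_read(mode, file_uid, file_gid, uid, gids):
    """Classic Unix read check: owner, then group, then other (ACLs ignored)."""
    if uid == 0:
        return True
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def demo():
    nagios_uid, nagios_gid = 990, 990  # constructed ids for the nagios account
    with tempfile.TemporaryDirectory() as d:
        # touch asks for 0666; the umask trims it to 0644.
        touched = create_with_mode(os.path.join(d, "foo"), 0o666)
        # A program asking for 0600 gets 0600; the umask has nothing left to remove.
        private = create_with_mode(os.path.join(d, "nagios_host.cfg"), 0o600)
    return {
        "touch_style": touched,
        "explicit_0600": private,
        "root_root_0600": can_read(private, 0, 0, nagios_uid, {nagios_gid}),
        "root_nagios_0640": can_read(0o640, 0, nagios_gid, nagios_uid, {nagios_gid}),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value if isinstance(value, bool) else oct(value))
```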
