On 08.11.10 17:03, R.I.Pienaar wrote:
>
> ----- "Markus Falb" <markus.f...@fasel.at> wrote:
>
>> Hi,
>>
>> I try to serve a file
>>
>> file { "/root/test3.txt":
>>   ensure => file,
>>   source => "puppet:///yum/test.txt",
>> }
>>
>> On the puppetmaster this file looks like this
>>
>> #$ ls -n test.txt
>> -rw-r--r-- 1 502 301 4 8 Nov 16:25 test.txt
>>
>> Finally, here is my question: What ownership may I expect on the
>> resulting file?
>
> Do not rely on this behavior, specify the owner and mode in your file{}
> resources.
>
> That is the only reliable way.
>

It seems so, but do we want things this way? I knew that I can specify
owner explicitly, instead I wanted to question the defaults.

When puppetd runs as root and nothing is defined otherwise, files should be
created with owner root, in my opinion. Why should one assume that uids on
puppetmaster and client are synchronised? Forget to define one ownership
in your manifests and possibly unrelated users on the client can access
these files unintentionally. I think that's a security flaw.

I would like to rely on reasonable defaults. I think about opening a
ticket for this.

I try in other words: A file on puppetmaster belongs to user x with uid y
and it is created on the client with uid y, whatever user this translates
to. Is this intended?

-- 
Best Regards, Markus Falb