On Nov 8, 2010, at 9:36 AM, Markus Falb wrote:
> On 08.11.10 17:03, R.I.Pienaar wrote:
>>
>> ----- "Markus Falb" <markus.f...@fasel.at> wrote:
>>
>>> Hi,
>>>
>>> I try to serve a file
>>>
>>> file { "/root/test3.txt":
>>> ensure => file,
>>> source => "puppet:///yum/test.txt",
>>> }
>>>
>>> On the puppetmaster this files look like this
>>>
>>> #$ ls -n test.txt
>>> -rw-r--r-- 1 502 301 4 8 Nov 16:25 test.txt
>>>
>>> Finally, here is my question: What ownership may I expect on the
>>> resulting file ?
>>
>> Do not rely on this behavior, specify the owner and mode in your file{}
>> resources.
>>
>> That is the only reliable way.
>>
>
> It seems so, but do we want things this way ? I knew that I can specify
> owner explicitly, instead I wanted to question the defaults.
>
> When puppetd runs as root and without defined otherwise files should be
> created with owner root in my opinion. Why should one assume that uids
> on puppetmaster and client are synchronised ? Forget to define one
> ownership in your manifests and possibly unrelated users on the client
> can access these files unintentionally.
>
> I think thats a security flaw. I would like to rely on reasonable
> defaults. I think about opening a ticket for this.
>
> I try in other words: A file on puppetmaster belongs to user x with uid
> y and it is created on the client with uid y whatever user this
> translates to. Is this intended ?
I'm pretty sure it was intended because I don't think that would happen by
accident. Someone would have needed to write the code to do that.
Now, is it a good idea? I con't help you there.
If you think it's a problem, I would consider filing a bug.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
