On Mar 4, 8:24 am, Tim Dunphy <bluethu...@gmail.com> wrote: > the puppetmaster daemon is not running as root, however I have other > modules running on this machine and a files directory in each that > all have the same exact ownership and permissions and are being shared > without any problems.
Then the puppetmaster user must belong to group "root" (or one of its aliases); otherwise, it wouldn't be able to read your other files, either. I wouldn't be very comfortable with that, though it's better than running as root. If you want to ensure that the Puppetmaster cannot change the files, then you can instead assign the files and the puppet user to group "puppet" (or some other non-root group) and leave the file modes the same. Files' groups do not have to coincide with their owners' groups. Whether you do that or not, though, do ensure that all the directories in the path to your file have group execute permission. Read is not enough. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
