[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Trevor Vaughan
I'm slightly confused. From your original example, it looks like you're trying to create a directory where everyone has read/write access, but nobody can traverse the directory. Perhaps this is the start of a symlink farm? Most security guidance

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Judd
Thanks for following up on this. There are many instances when a user will be allowed access to a particular path, and not the containing directory's file list. Take a mail server for example, where a mail system user creates directories where users have access to their own files and folders, bu

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Larry Ludwig
> > Generally speaking they define a few basics: > > 1. Who is accountable for security > 2. What to do if you find a security issue and where to report > security issues > 3. How security patches are handled > 4. The project's disclosure policy > > Regards > > James Turnbull This sounds lik

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Larry Ludwig
Also see the bug ticket submitted: http://projects.reductivelabs.com/issues/2451 On Jul 27, 2009, at 4:45 PM, Judd Maltin wrote: > > This code: > > > file { '/tmp/default': >ensure => directory, >mode => '666' > } > > produces: > > r...@blah# ls -la /tmp/default/ > total 16 > d

[Puppet Users] Re: Custom fact errors

2009-07-27 Thread scott
On Jul 27, 5:30 pm, jcbollinger wrote: > > Can anyone shed some light on this issue? > > I think I can.  It doesn't look like you have accurately followed the > custom fact instructions you referenced.  Your custom code should be > wrapped in "setcode do [...] end", as in the example. You are

[Puppet Users] Reporting and documenting in Modules/Classes

2009-07-27 Thread aaronl
Hello, I have a set of modules and classes that I created and would like to know the best way to document what each modules and class is doing. Please excuse the log example ... For example: My 'AC-3' Module contains a number of 'GEN' references from an older labeling system and I would like to

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Bruce Richardson
On Mon, Jul 27, 2009 at 11:01:16PM +0200, Peter Meier wrote: > > Is there a consistent culture or policy in the Puppet community to > > override explicit security configurations? It must be explicitly > > avoided in an audit, if that's the case. If there is no policy, > > perhaps we should defin

[Puppet Users] Re: Default Mac OS X package provider?

2009-07-27 Thread Nigel Kersten
On Mon, Jul 27, 2009 at 3:26 PM, Allan Marcus wrote: > > I use the pkgdmg provider. > > What are the ramifications of changing the default? For you, nothing apart from no longer having to specify provider => pkgdmg in your manifests. I like being explicit about things, so have always set this as

[Puppet Users] Re: Default Mac OS X package provider?

2009-07-27 Thread Allan Marcus
I use the pkgdmg provider. What are the ramifications of changing the default? --- Thanks, Allan Marcus 505-667-5666 On Jul 20, 2009, at 11:27 AM, Nigel Kersten wrote: > > If you never use Puppet with Mac clients, you can stop reading now. > > > http://projects.reductivelabs.com/issues/2426

[Puppet Users] private fileserver config

2009-07-27 Thread Derek Yarnell
Running 0.25.0b2, Trying to do ssh host public/private key installation via the file type, file { "ssh_host_dsa_key.pub": path => "$base_path/ssh_host_dsa_key.pub", mode => 0644, owner => root, group => root, source =

[Puppet Users] Re: Custom fact errors

2009-07-27 Thread jcbollinger
On Jul 27, 3:30 pm, scott wrote: > I'm a newbie attempting to get a custom fact distributed to clients. > I've followed the instructions > at http://reductivelabs.com/trac/puppet/wiki/AddingFacts > and based my first fact on a simple recipe. > > I'm having at least one problem and possibly more

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Peter Meier
Hi >> Could you outline what you'd like to have in this policy. Not explicitly >> for this question you raised but more in general. Maybe it's indeed >> interesting to have one. > > As someone who works as a security professional and has spent the > last week interacting with a small army of aud

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Peter Meier
Hi > the only existing culture is that for file resources directories > automatically get the execute bit. I don't yet see why you'd like to > have a directory without the execute flag set, maybe you can explain? > > This "feature" is one side very helpful if you have recursive > directories to

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread James Turnbull
Peter Meier wrote: > Could you outline what you'd like to have in this policy. Not explicitly > for this question you raised but more in general. Maybe it's indeed > interesting to have one. As someone who works as a security professional and has spe

[Puppet Users] Re: Reference Type: Cron

2009-07-27 Thread jcbollinger
On Jul 27, 12:02 pm, Sharada wrote: > Hi, > > My initial puppet code for managing cron job was: > > cron { 'do-this': >     command => ''/user/bin/python  /root/do.py', >     user => root, >     hour => [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, > 18, 19, 20, 21, 22, 23], >

[Puppet Users] Custom fact errors

2009-07-27 Thread scott
I'm a newbie attempting to get a custom fact distributed to clients. I've followed the instructions at http://reductivelabs.com/trac/puppet/wiki/AddingFacts and based my first fact on a simple recipe. I'm having at least one problem and possibly more. 1) Puppet/facter fails to load the custom

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Peter Meier
Hi > That is a major security issue. I cannot recommend Puppet to my > clients if I get different results on my filesystem than from my > manifest. > > Is there a consistent culture or policy in the Puppet community to > override explicit security configurations? It must be explicitly > avoide

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Joe McDonagh
Judd Maltin wrote: > This code: > > > file { '/tmp/default': > ensure => directory, > mode => '666' > } > > produces: > > r...@blah# ls -la /tmp/default/ > total 16 > drwxrwxrwx 2 root root 4096 2009-07-27 16:21 . > > That is a major security issue. I cannot recommend Puppet to m

[Puppet Users] Re: File resource type: critical chmod security issue

2009-07-27 Thread Joe McDonagh
Judd Maltin wrote: > This code: > > > file { '/tmp/default': > ensure => directory, > mode => '666' > } > > produces: > > r...@blah# ls -la /tmp/default/ > total 16 > drwxrwxrwx 2 root root 4096 2009-07-27 16:21 . > > That is a major security issue. I cannot recommend Puppet to m

[Puppet Users] File resource type: critical chmod security issue

2009-07-27 Thread Judd Maltin
This code: file { '/tmp/default': ensure => directory, mode => '666' } produces: r...@blah# ls -la /tmp/default/ total 16 drwxrwxrwx 2 root root 4096 2009-07-27 16:21 . That is a major security issue. I cannot recommend Puppet to my clients if I get different results on my f

[Puppet Users] Re: Best Practices Rewrite - First Draft

2009-07-27 Thread Todd Zullinger
Mark Plaksin wrote: >> One potential fix for that is to check for deletions, like so: > > Thanks for doing work for us :) We noticed the need for this but > haven't had a chance to fix it. Your change works great. I updated the > Wiki. Cool. Credit for that one goes to Ricky Zhou. When we add

[Puppet Users] Re: Best Practices Rewrite - First Draft

2009-07-27 Thread Digant C Kasundra
> > * Because of complexity of how and when classes are interpreted, > > aren't variables often a tricky thing to play with if you are > > planning to change their values in later scopes? > > With the current tooling, I think the only real chance is to put all > "choosing values for variables wh

[Puppet Users] Reference Type: Cron

2009-07-27 Thread Sharada
Hi, My initial puppet code for managing cron job was: cron { 'do-this': command => ''/user/bin/python /root/do.py', user => root, hour => [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23], minute => 42, require => [File['/home/do.py']] }