On Thu, Nov 20, 2014 at 6:55 AM, jcbollinger
wrote:
>
>
> On Wednesday, November 19, 2014 8:04:59 AM UTC-6, Mnemo Johnny wrote:
>>
>> Hi, colleagues!
>>
>> Can I repeatedly use a one file resource in Windows in follow case?
>>
>
>
> You can never declare the same resource more than once in one ca
On Wednesday, November 19, 2014 8:04:59 AM UTC-6, Mnemo Johnny wrote:
>
> Hi, colleagues!
>
> Can I repeatedly use a one file resource in Windows in follow case?
>
You can never declare the same resource more than once in one catalog.
Under some circumstances, however, the same DSL code can b
Hi,
thank you now it is working.
Best regards,
Andreas
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this
Instead of $conf_file you should use $title or $name inside the define
Regards,
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@google
On 24/01/14 14:39, Andreas Dvorak wrote:
Hi,
I am trying this. config.pp of module logrotate
define logrotate::config{
case $::osfamily {
redhat:{
file { "/etc/logrotate.d/${conf_file}":
ensure => 'present',
owner => 'root',
group => 'root',
mode =
Hi,
I am trying this. config.pp of module logrotate
define logrotate::config{
case $::osfamily {
redhat:{
file { "/etc/logrotate.d/${conf_file}":
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0644',
source => "puppet://${pup
Hey, all;
Thanks for the responses. I appreciate it. I was unaware that the file
resource handles selinux. I seem to remember one of my searches saying
puppet didn't support selinux. Maybe an old version of puppet or a
misread, either way, I'll take that route.
I know my attempt at executi
On Sunday, November 17, 2013 2:33:54 PM UTC-6, dkoleary wrote:
>
> Hi;
>
> This one should be easy; but, so far, it's eluding me.
>
> I would like to configure ssh to use a different directory for authorized
> keys files. I have the file resource which that works on its own. I want
> the file
On Monday, April 15, 2013 9:40:36 AM UTC-5, jcbollinger wrote:
>
> Thus, use of either of those properties effectively implies something
> similar to "ensure => 'file'".
>
>
I'm not inclined at the moment to verify what happens if 'ensure' is
unspecified and 'source' points to a directory. I a
On Sunday, April 14, 2013 10:55:07 AM UTC-5, Felix.Frank wrote:
>
> Hi,
>
> On 04/04/2013 05:08 PM, jcbollinger wrote:
> > if I define a file resource without specifying an ensure parameter,
> > it seems to behave like ensure => present was specified.
> >
> >
> >
> > Yes, that's th
On 04/15/2013 09:31 AM, Ellison Marks wrote:
> Perhaps it works differently when specifying the content/source of a
> file. I tried your example, but with content => 'foo' instead of mode =>
> 640 and it created the file.
Yes, I believe that's an important distinction.
One would expect 'content =
Perhaps it works differently when specifying the content/source of a file.
I tried your example, but with content => 'foo' instead of mode => 640 and
it created the file.
On Sunday, April 14, 2013 8:55:07 AM UTC-7, Felix.Frank wrote:
>
> Hi,
>
> On 04/04/2013 05:08 PM, jcbollinger wrote:
> >
Hi,
On 04/04/2013 05:08 PM, jcbollinger wrote:
> if I define a file resource without specifying an ensure parameter,
> it seems to behave like ensure => present was specified.
>
>
>
> Yes, that's the default.
Uhm, are you sure? I would expect the following to be a noop, which
seems to
On Thursday, April 4, 2013 5:44:40 AM UTC-5, carlo montanari wrote:
>
> Hi all,
>
> if I define a file resource without specifying an ensure parameter, it
> seems to behave like ensure => present was specified.
>
Yes, that's the default.
> I'm trying to require a file only when a command i
On Sep 1, 9:30 am, treydock wrote:
[...]
> Thanks for the suggestion. I run puppet manually as you suggested,
> and still no errors. Even stranger is sometime last night the errors
> stopped occurring. From the time I activated the samba module, till
> last night it failed like clockwork, eve
On Sep 1, 2011, at 7:30 AM, treydock wrote:
> My understanding of the internals of how Winbind/Samba store and cache
> AD account information is a bit lacking, but could this be that it
> just took time for the groups/users to get cached? Authentication and
> all other functions relying on these
On Sep 1, 8:03 am, jcbollinger wrote:
> On Aug 31, 8:09 pm, treydock wrote:
>
> > I have a file resource defined to be owned by a group that is
> > accessible via samba/winbind (AD based group), but every time Puppet
> > runs automatically (every 30 min) the run fails with this error ,
> > (sen
On Aug 31, 8:09 pm, treydock wrote:
> I have a file resource defined to be owned by a group that is
> accessible via samba/winbind (AD based group), but every time Puppet
> runs automatically (every 30 min) the run fails with this error ,
> (sensitive information removed)
>
> (/Stage[main]//Node
On Feb 17, 11:25 am, Roy Nielsen wrote:
> It's not mentioned in the online documentation, but will the file
> resource parameter "replace" work with
>
> content => template("mytemplate.erb"),
>
> I'd like to be able to say "if the file is already there, don't modify
> it", with the
>
> rep
After all the Regex magic that has just ensued on the Dev list, this
should be pretty easy :-) (magic, I say!).
Having a regex match on the File type would actually be useful in a
lot of cases. *But* it needs to be able to be sped up.
Something like forking to the native tools to do the match a
Hi
> OK, maybe I didn't express it clearly enough. Puppet won't let me
> specify one behaviour for /a and another for /a/**. As I said, there
> are valid reasons for wanting that.
I understood it that way and I also understand the reasons. My problem
is to see a valid way to describe that wi
On Tue, Jul 28, 2009 at 10:47:07AM +0200, Peter Meier wrote:
>
> Hi
>
> >> For sure you have to manage the content of each subdirectory separately
> >> as they're managed on their own.
> >
> > I'm sorry, but that fails as far as I'm concerned. I shouldn't be
> > having to specify common behavio
Hi
>> For sure you have to manage the content of each subdirectory separately
>> as they're managed on their own.
>
> I'm sorry, but that fails as far as I'm concerned. I shouldn't be
> having to specify common behaviour multiple times.
well either your managing a resource or you're not. Someth
Trevor Vaughan wrote:
> Personally, I don't see the default behavior as a security flaw.
>
> Perhaps, I'm missing somethingJames?
I tend to agree that the current behaviour meets 99% of the functional
requirements but I do understand where the original poster is coming from.
Like Luke, I don
On Tue, Jul 28, 2009 at 10:27:57AM +0200, Peter Meier wrote:
> For sure you have to manage the content of each subdirectory separately
> as they're managed on their own.
I'm sorry, but that fails as far as I'm concerned. I shouldn't be
having to specify common behaviour multiple times.
--
Bru
Hi
> On a slight tangent, how about having 755 on a directory but (for
> example) having 700 or 600 recursively on all the managed directories
> and files underneath it (and maybe different ownership as well). There
> are valid reasons for wanting to do this but the last time I tried it, I
> fou
2009/7/28 Judd :
>
> In any case it's VERY misleading to have an explicit command
> completely ignored by an unstated policy.
>
Personally, I'm not too worried about the security aspects of this,
but I would certainly expect Puppet to do what its told. If I fluff
my permissions, more fool me. H
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm slightly confused.
- From your original example, it looks like you're trying to create a
directory where everyone has read/write access, but nobody can traverse
the directory.
Perhaps this is the start of a symlink farm?
Most security guidance
Thanks for following up on this..
There are many instances when a user will be allowed access to a
particular path, and not the containing directory's file list. Take a
mail server or example, where a mail system user creates directories
where users have access to their own files and folders, bu
>
> Generally speaking they define a few basics:
>
> 1. Who is accountable for security
> 2. What to do if you find a security issue and where to report
> security issues
> 3. How security patches are handled
> 4. The project's disclosure policy
>
> Regards
>
> James Turnbull
This sounds lik
Also see the bug ticket submitted:
http://projects.reductivelabs.com/issues/2451
On Jul 27, 2009, at 4:45 PM, Judd Maltin wrote:
>
> This code:
>
>
> file { '/tmp/default':
>ensure => directory,
>mode => '666'
> }
>
> produces:
>
> r...@blah# ls -la /tmp/default/
> total 16
> d
On Mon, Jul 27, 2009 at 11:01:16PM +0200, Peter Meier wrote:
> > Is there a consistent culture or policy in the Puppet community to
> > override explicit security configurations? It must be explicitly
> > avoided in an audit, if that's the case. If there is no policy,
> > perhaps we should defin
Hi
>> Could you outline what you'd like to have in this policy. Not explicitly
>> for this question you raised but more in general. Maybe it's indeed
>> interesting to have one.
>
> As someone who works as a security professional and has spent the
> last week interacting with a small army of aud
Hi
> the only existing culture is that for file resources directories
> automatically get the execute bit. I don't yet see why you'd like to
> have a directory without the execute flag set, maybe you can explain?
>
> This "feature" is one side very helpfull if you have recursive
> directories to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter Meier wrote:
> Could you outline what you'd like to have in this policy. Not explicitly
> for this question you raised but more in general. Maybe it's indeed
> interesting to have one.
As someone who works as a security professional and has spe
Hi
> That is a major security issue. I cannot recommend Puppet to my
> clients if I get different results on my filesystem than from my
> manifest.
>
> Is there a consistent culture or policy in the Puppet community to
> override explicit security configurations? It must be explicitly
> avoide
Judd Maltin wrote:
> This code:
>
>
> file { '/tmp/default':
> ensure => directory,
> mode => '666'
> }
>
> produces:
>
> r...@blah# ls -la /tmp/default/
> total 16
> drwxrwxrwx 2 root root 4096 2009-07-27 16:21 .
>
> That is a major security issue. I cannot recommend Puppet to m
Judd Maltin wrote:
> This code:
>
>
> file { '/tmp/default':
> ensure => directory,
> mode => '666'
> }
>
> produces:
>
> r...@blah# ls -la /tmp/default/
> total 16
> drwxrwxrwx 2 root root 4096 2009-07-27 16:21 .
>
> That is a major security issue. I cannot recommend Puppet to m
38 matches
Mail list logo
