This repository has been archived by the owner on Feb 15, 2022. It is now read-only.

puppet-lint check to ensure file resources are not world writable.


deanwilson/puppet-lint-world_writable_files-check


puppet-lint world_writable_files check

A puppet-lint extension that ensures file resources do not have a mode that makes them world writable.


On a *nix system a world writable file is one that anyone can write to. This is often undesirable, especially in production, where who can write to certain files should be limited and enabled with deliberation, not by accident.

This plugin currently only checks octal file modes. The no_symbolic_file_modes puppet-lint check ensures this isn't a problem for my code bases, but it might be a consideration for other people's usage.

Installation

To use this plugin add the following line to your Gemfile

gem 'puppet-lint-world_writable_files-check'

and then run bundle install

Usage

This plugin provides a new check to puppet-lint that warns if it finds a file resource that would be created with a mode that allows everyone to write to it.

class locked_down_file {
  file { '/tmp/open_octal':
    ensure => 'file',
    mode   => '0666',
  }
}

This example makes a file that can be read and written to by all users of the system and so will raise:

files should not be created with world writable permissions
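
One way to express the world-writable test described above, as an added standalone Ruby sketch (not the plugin's own code). The names `classify_mode` and `scan_modes` are hypothetical, the regex scan is a simplification that looks at any quoted `mode =>` attribute, and symbolic modes are reported as unchecked to mirror the octal-only limitation noted earlier:

```ruby
# Added example: a standalone sketch, not the plugin's own source.
OCTAL_MODE = /\A[0-7]{3,4}\z/

# Classify a mode string as :world_writable, :ok, or :unchecked.
# :unchecked covers symbolic or malformed modes an octal-only test cannot judge.
def classify_mode(mode)
  return :unchecked unless mode.match?(OCTAL_MODE)

  # The last octal digit holds the "other" permissions; 0o002 is its write bit.
  (mode.to_i(8) & 0o002).zero? ? :ok : :world_writable
end

# Simplified scan (assumption: one quoted `mode => '...'` attribute per line,
# resource type not inspected). Returns one finding per mode attribute.
def scan_modes(manifest)
  findings = []
  manifest.each_line.with_index(1) do |line, lineno|
    m = line.match(/\bmode\s*=>\s*['"]([^'"]+)['"]/)
    next unless m

    findings << { line: lineno, mode: m[1], result: classify_mode(m[1]) }
  end
  findings
end

# Constructed sample manifest for illustration only.
SAMPLE = <<~PP
  class example {
    file { '/tmp/open_octal':
      ensure => 'file',
      mode   => '0666',
    }
    file { '/etc/app.conf':
      mode => '0644',
    }
    file { '/tmp/sticky_dir':
      ensure => 'directory',
      mode   => '1777',
    }
    file { '/tmp/symbolic':
      mode => 'a=rw',
    }
  }
PP

if __FILE__ == $PROGRAM_NAME
  scan_modes(SAMPLE).each do |f|
    puts format('line %<line>d: mode %<mode>s -> %<result>s', f)
  end
end
```

In this sketch a sticky-bit directory mode such as `1777` is still classified as world writable, because only the "other" write bit is tested.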

Other puppet-lint plugins

You can find a list of my puppet-lint plugins in the unixdaemon puppet-lint-plugins repo.

Author

Dean Wilson
