README.md

puppet-lint world_writable_files check

A puppet-lint extension that ensures file resources do not have a mode that makes them world writable.

On a *nix system a world writable file is one that anyone can write to. This is often undesirable, especially in production, where who can write to certain files should be limited and enabled with deliberation, not by accident.

This plugin currently only checks octal file modes. The no_symbolic_file_modes puppet-lint check ensures this isn't a problem for my code bases, but it might be a consideration for other people's usage.

Installation

To use this plugin, add the following line to your Gemfile:

gem 'puppet-lint-world_writable_files-check'

and then run bundle install.

Usage

This plugin provides a new check to puppet-lint that warns if it finds a file resource that would be created with a mode that allows everyone to write to it.

class locked_down_file {
  file { '/tmp/open_octal':
    ensure => 'file',
    mode   => '0666',
  }
}

This example makes a file that can be read and written to by all users of the system and so will raise:

files should not be created with world writable permissions
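
As an added illustration (not the plugin's own source), this Ruby sketch shows the test an octal-mode check reduces to: whether the write bit for "other" (0o002) is set in the final octal digit. It also shows why a symbolic mode such as a+w falls outside an octal-only check. The function names, the line-based scan and the sample manifest are constructed for this example.

```ruby
# Added example: stand-alone Ruby, does not use or reproduce the plugin's code.
OCTAL_MODE = /\A[0-7]{3,4}\z/

# Returns :world_writable, :ok, or :unchecked (symbolic or otherwise non-octal).
def classify_mode(mode)
  return :unchecked unless mode.match?(OCTAL_MODE)
  # "Other" write permission is bit 0o002 of the mode.
  (mode.to_i(8) & 0o002).zero? ? :ok : :world_writable
end

# Constructed sample manifest; the first resource is the one from the README.
SAMPLE_MANIFEST = <<~'PP'
  file { '/tmp/open_octal':
    ensure => 'file',
    mode   => '0666',
  }
  file { '/etc/app.conf':
    mode => '0644',
  }
  file { '/tmp/sticky_dir':
    ensure => 'directory',
    mode   => '1777',
  }
  file { '/tmp/open_symbolic':
    mode => 'a+w',
  }
PP

# Naive scan for quoted mode attributes, one per line. A real puppet-lint
# check would walk the lexer's token stream instead of matching text.
def scan_manifest(text)
  text.each_line.with_index(1).filter_map do |line, lineno|
    m = line.match(/^\s*mode\s*=>\s*['"]([^'"]+)['"]/)
    m && { line: lineno, mode: m[1], result: classify_mode(m[1]) }
  end
end

if __FILE__ == $PROGRAM_NAME
  scan_manifest(SAMPLE_MANIFEST).each do |f|
    puts format('line %-2d mode %-5s %s', f[:line], f[:mode], f[:result])
  end
end
```

The a+w resource comes back as :unchecked even though it grants write access to everyone, which is the gap the no_symbolic_file_modes check closes.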

Other puppet-lint plugins

You can find a list of my puppet-lint plugins in the unixdaemon puppet-lint-plugins repo.

Author

Dean Wilson