Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
(#17866) Fix permissions regression for logdir in puppet.spec.erb #1308
Fixes permissions on /var/log/puppet. Since puppet manages its own file / directory permissions and corrects them on its own, the RPM .spec file must have the right idea of what the permissions on everything should be in order to verify cleanly.
Related to RedHat bugzilla #495096.
Unfortunately, yes, the problem will resurface if the mode of $logdir is changed in puppet.conf. However, that would be the case for any directory managed by the Puppet RPM, including /var/lib/puppet and /var/run/puppet.
An alternate solution is to remove the logdir from the spec altogether and let puppet create it. However if we were to make that change, I would say that /var/run/puppet and /var/lib/puppet, as well as any other state directory that Puppet manages itself should be omitted from the RPM as well, which might work, but could break other automation scripts out there if they are counting on any of those directories to exist before puppet runs the first time.
I think that changing the default permissions on /var/log/puppet is a sufficient solution, especially since the permissions are 750 and ownership is puppet:puppet. If the user really wanted to change the permissions on $logdir, I'm guessing the directory would probably not be set to /var/log/puppet to begin with.