New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(#17866) Fix permissions regression for logdir in puppet.spec.erb #1308

Merged
merged 1 commit into from Dec 3, 2012

Conversation

Projects
None yet
3 participants
@ryanuber
Contributor

ryanuber commented Dec 1, 2012

Fixes permissions on /var/log/puppet. Since puppet manages its own file / directory permissions and corrects them on its own, the RPM .spec file must have the right idea of what the permissions on everything should be in order to verify cleanly.

Related to RedHat bugzilla #495096.

@joshcooper

This comment has been minimized.

Show comment
Hide comment
@joshcooper

joshcooper Dec 3, 2012

Member

@ryanuber will we have the same problem if someone defines a different mode in puppet.conf (once http://projects.puppetlabs.com/issues/17371 is fixed)?

Member

joshcooper commented Dec 3, 2012

@ryanuber will we have the same problem if someone defines a different mode in puppet.conf (once http://projects.puppetlabs.com/issues/17371 is fixed)?

@ryanuber

This comment has been minimized.

Show comment
Hide comment
@ryanuber

ryanuber Dec 3, 2012

Contributor

Unfortunately, yes, the problem will resurface if the mode of $logdir is changed in puppet.conf. However, that would be the case for any directory managed by the Puppet RPM, including /var/lib/puppet and /var/run/puppet.

An alternate solution is to remove the logdir from the spec altogether and let puppet create it. However if we were to make that change, I would say that /var/run/puppet and /var/lib/puppet, as well as any other state directory that Puppet manages itself should be omitted from the RPM as well, which might work, but could break other automation scripts out there if they are counting on any of those directories to exist before puppet runs the first time.

I think that changing the default permissions on /var/log/puppet is a sufficient solution, especially since the permissions are 750 and ownership is puppet:puppet. If the user really wanted to change the permissions on $logdir, I'm guessing the directory would probably not be set to /var/log/puppet to begin with.

Contributor

ryanuber commented Dec 3, 2012

Unfortunately, yes, the problem will resurface if the mode of $logdir is changed in puppet.conf. However, that would be the case for any directory managed by the Puppet RPM, including /var/lib/puppet and /var/run/puppet.

An alternate solution is to remove the logdir from the spec altogether and let puppet create it. However if we were to make that change, I would say that /var/run/puppet and /var/lib/puppet, as well as any other state directory that Puppet manages itself should be omitted from the RPM as well, which might work, but could break other automation scripts out there if they are counting on any of those directories to exist before puppet runs the first time.

I think that changing the default permissions on /var/log/puppet is a sufficient solution, especially since the permissions are 750 and ownership is puppet:puppet. If the user really wanted to change the permissions on $logdir, I'm guessing the directory would probably not be set to /var/log/puppet to begin with.

@haus

This comment has been minimized.

Show comment
Hide comment
@haus

haus Dec 3, 2012

Contributor

👍

Contributor

haus commented Dec 3, 2012

👍

haus added a commit that referenced this pull request Dec 3, 2012

Merge pull request #1308 from ryanuber/master
(#17866) Fix permissions regression for logdir in puppet.spec.erb

@haus haus merged commit 4b65455 into puppetlabs:master Dec 3, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment