Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set script's group to 0 if script owner is root #280

Merged
merged 1 commit into from Mar 16, 2015
Merged

Set script's group to 0 if script owner is root #280

merged 1 commit into from Mar 16, 2015

Conversation

thias
Copy link
Contributor

@thias thias commented Mar 5, 2015

When files on a puppetmaster are owned by a non-root user,
concatfragments.sh gets installed on the nodes with a group
owner matching the one of the master.

This has no security implications since the file is mode 755,
but does lead to possible ping-pong situations when switching
between environments where the files on the master have
different group ownership.

Use '0' instead of 'root', since the root user's main group
isn't always 'root' on some BSDs, but always '0'.

@thias
Set script's group to 0 if script owner is root
9990f2e 
When files on a puppetmaster are owned by a non-root user,
concatfragments.sh gets installed on the nodes with a group
owner matching the one of the master.

This has no security implications since the file is mode 755,
but does lead to possible ping-pong situations when switching
between environments where the files on the master have
different group ownership.

Use '0' instead of 'root', since the root user's main group
isn't always 'root' on some BSDs, but always '0'.
@sodabrew
Copy link

I'm seeing this problem now that I've updated my concat module to 1.2.0 - the group owner of /var/lib/puppet/concat/bin/concatfragments.sh is all over the place - ntp, postfix, root, haproxy - looks like whatever was the last value set for any other file in the catalog just prior to this file!

@hunner
Copy link
Contributor

hunner commented Mar 16, 2015

👍

hunner added a commit that referenced this pull request Mar 16, 2015
@hunner
Merge pull request #280 from thias/master
c4a14b4 
Set script's group to 0 if script owner is root
@hunner hunner merged commit c4a14b4 into puppetlabs:master Mar 16, 2015
@daenney
Copy link

daenney commented Mar 16, 2015

👍

@sodabrew
Copy link

🏆

@sodabrew sodabrew mentioned this pull request Mar 16, 2015
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@thias @sodabrew @hunner @daenney @LukasAud