New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

file.directory #48336

Closed
JuanManuelVizcainoAbad opened this Issue Jun 27, 2018 · 5 comments

Comments

@JuanManuelVizcainoAbad

JuanManuelVizcainoAbad commented Jun 27, 2018

Description of Issue/Question

When salt generate a file in a state file, the specials permissions are not correct applied
If execute a second time, salt apply correct permissions.

Setup

(Please provide relevant configs and/or SLS files (Be sure to remove sensitive info).)

/file/app.c:
  file.managed:
    - source: salt://files/app.c
    - user: root
    - group: root
    - mode: 750

compile:
  cmd.run:
    - name: gcc -I/usr/local/include/mysql -L/usr/local/lib/mysql -ggdb -D_GNU_SOURCE -o /root/app /root/app.c -lmysqlclient
    - onchanges:
      - file: /root/app.c

permission app:
  file.managed:
    - name: /root/app
    - user: root
    - group: filter
    - mode: '4750'

Steps to Reproduce Issue

(Include debug logs if possible and relevant.)

      ID: /root/app.c
Function: file.managed
  Result: True
 Comment: File /root/app.c updated
 Started: 11:55:39.818079
Duration: 51.478 ms
 Changes:
          ----------
          diff:
              New file
          mode:
              0750

      ID: compile
Function: cmd.run
    Name: gcc -I/usr/local/include/mysql -L/usr/local/lib/mysql -ggdb -D_GNU_SOURCE -o /root/app /root/app..c -lmysqlclient
  Result: True
 Comment: Command "gcc -I/usr/local/include/mysql -L/usr/local/lib/mysql -ggdb -D_GNU_SOURCE -o /root/app /root/app.c -lmysqlclient" run
 Started: 11:55:39.871047
Duration: 155.853 ms
 Changes:
          ----------
          pid:
              22965
          retcode:
              0
          stderr:
          stdout:

      ID: permission app
Function: file.managed
    Name: /root/app
  Result: True
 Comment:
 Started: 11:55:40.027193
Duration: 8.076 ms
 Changes:
          ----------
          group:
              filter
          mode:
              4750

but the permissions are

-rwxr-x--- 1 root filter 54160 Jun 27 11:56 app

if execute state a second time the permission is fixed

-rwsr-x---  1 root filter      0 Jun 27 12:10 app

Versions Report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
12:10 $ salt --versions-report
Salt Version:
Salt: 2018.3.1

Dependency Versions:
cffi: 1.11.5
cherrypy: Not Installed
dateutil: Not Installed
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.10
libgit2: 0.27.2
libnacl: Not Installed
M2Crypto: 0.30.1
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.5.6
mysql-python: Not Installed
pycparser: 2.18
pycrypto: 2.6.1
pycryptodome: Not Installed
pygit2: 0.27.1
Python: 2.7.15 (default, Jun 17 2018, 12:46:58)
python-gnupg: Not Installed
PyYAML: 3.12
PyZMQ: 17.0.0
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.5.3
ZMQ: 4.2.5

System Versions:
dist:
locale: UTF-8
machine: x86_64
release: 17.6.0
system: Darwin
version: 10.13.5 x86_64

@Ch3LL

This comment has been minimized.

Contributor

Ch3LL commented Jun 27, 2018

looks like i'm able to replicate this just simply using hte file.managed state below:

permission app:
  file.managed:
    - name: /root/app
    - user: root
    - group: user
    - mode: '4750'

do you know if this was ever previously working? I am seeing the same behavior on 2017.7.3 as well.

@JuanManuelVizcainoAbad

This comment has been minimized.

JuanManuelVizcainoAbad commented Jun 28, 2018

Hi
I newer used before, this state is new.
To try, i'm execute the same state in salt 2016.11.5 (Carbon) a never apply the suid permission.

Thanks

@rallytime

This comment has been minimized.

Contributor

rallytime commented Jun 28, 2018

@garethgreenaway Can you add this to your list to fix?

@garethgreenaway

This comment has been minimized.

Member

garethgreenaway commented Jul 1, 2018

Looks like the issue was in the file.py module, the ordering of when things were happening. The chmod with the setuid was happening but the chown to the group (which was happening after the chmod) was wiping that out. The change in those two PRs moves the chmod logic to be last.

@rallytime

This comment has been minimized.

Contributor

rallytime commented Jul 6, 2018

@JuanManuelVizcainoAbad This should be fixed with #48398 for 2018.3 and #48399 for 2017.7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment