Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-7602

ssh_authorized_keys temporary file Operation not permitted

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: sshkeys_core
    • Labels:
    • Environment:

      64-bit Ubuntu 12.04.4
      ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

      Description

      Occasionally (fairly regularly) we've been getting flickers when running Puppet 3.4.3 catalogs:

      Apr 24 05:50:43 hostname puppet-agent[838]: (/Stage[main]/Users/Users::Create_user[user1]/Ssh_authorized_key[user1]) Could not evaluate: Puppet::Util::FileType::FileTypeFlat could not write /home/user1/.ssh/authorized_keys: Operation not permitted - /tmp/puppet20140424-838-slrj8c-0
      

      It appears the temporary file is owned by a user that was deployed previously in the catalog:

      agibbins@hostname ~ % ls -l /tmp/puppet20140424-838-slrj8c-0
      -rw------- 1 user2 users 573 Apr 24 05:50 /tmp/puppet20140424-838-slrj8c-0
      

      The file contains the complete public key for user2.

      This happens for all variations of users (and isn't specific to user1 + user2) and occurs "randomly", we've been unable to reproduce on demand.

      The ssh_authorized_key resource causing these errors looks like this (with variables evaluated obviously):

      @ssh_authorized_key { $name:
        ensure  => $ensure,
        key     => $keytext,
        name    => $key_comment,
        user    => $name,
        type    => $key_type,
        options => $key_options,
        target  => "${home}/.ssh/authorized_keys",
        require => File["${name} ssh directory"],
      }
      

      Apologies if this is a duplicate bug, there's many similar bugs but all are resolved, closed or look unrelated.

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                Unassigned
                Reporter:
                adamgibbins Adam Gibbins
                QA Contact:
                Narmadha Perumal
              • Votes:
                4 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Zendesk Support