Description
Puppet Version: 5.4.0
Puppet Server Version: 5.2.0
OS Name/Version: CentOS 6.9
Puppet agent RPM manages several files in /etc/puppetlabs/code/environments/production that it shouldn't.
AIUI, these files aren't necessary on an agent install. Since they're managed by the puppet-agent RPM as root/root, upgrading the package resets permissions on these files.
In our environment we have a monorepo and we do a git pull as the 'puppet' user, which fails after upgrading the agent RPM since the files become owned by root.
Ideally these would not be in the RPM, or specified as %config or something.
$ rpm -V puppet-agent
.....UG.. /etc/puppetlabs/code/environments
.....UG.. /etc/puppetlabs/code/environments/production
missing /etc/puppetlabs/code/environments/production/data
S.5..UGT. c /etc/puppetlabs/code/environments/production/environment.conf
missing c /etc/puppetlabs/code/environments/production/hiera.yaml
.....UG.. /etc/puppetlabs/code/environments/production/manifests
.....UG.. /etc/puppetlabs/code/environments/production/modules
Desired Behavior:
Upgrading puppet-agent RPM doesn't break git pull as a non-root user.
Actual Behavior:
Upgrading puppet-agent causes future git pulls in /etc/puppetlabs/code/environments/production to fail due to user permissions.
$ rpm -ql puppet-agent
...
/etc/puppetlabs/code/environments/production
/etc/puppetlabs/code/environments/production/data
/etc/puppetlabs/code/environments/production/environment.conf
/etc/puppetlabs/code/environments/production/hiera.yaml
/etc/puppetlabs/code/environments/production/manifests
/etc/puppetlabs/code/environments/production/modules
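
The check below is an added example, not part of the original report or of Puppet's tooling: it reads `rpm -V` output and lists the paths under one directory whose owner or group no longer matches the package, or which are missing. The function names ownership_drift and sample_rpm_v are hypothetical, and the script assumes paths contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the ticket): report ownership drift from `rpm -V`.
# Each verify line starts with a 9-character flag string "SM5DLUGTP":
# position 6 is U (owner differs), position 7 is G (group differs).
# Assumption: paths contain no whitespace, so the path is the last field.

ownership_drift() {
    # $1 = directory to report on; `rpm -V` output is read from stdin.
    awk -v prefix="$1" '
    {
        flags = $1
        path  = $NF   # an attribute marker such as "c" may sit before the path
        if (path != prefix && index(path, prefix "/") != 1) next
        if (flags == "missing") { print "missing " path; next }
        if (length(flags) != 9) next
        u = (substr(flags, 6, 1) == "U")
        g = (substr(flags, 7, 1) == "G")
        if (u && g)  print "owner+group " path
        else if (u)  print "owner " path
        else if (g)  print "group " path
    }'
}

# Sample input: the `rpm -V puppet-agent` output quoted in the report above.
sample_rpm_v() {
    cat <<'EOF'
.....UG.. /etc/puppetlabs/code/environments
.....UG.. /etc/puppetlabs/code/environments/production
missing /etc/puppetlabs/code/environments/production/data
S.5..UGT. c /etc/puppetlabs/code/environments/production/environment.conf
missing c /etc/puppetlabs/code/environments/production/hiera.yaml
.....UG.. /etc/puppetlabs/code/environments/production/manifests
.....UG.. /etc/puppetlabs/code/environments/production/modules
EOF
}

# Live use would be: rpm -V puppet-agent | ownership_drift <dir>
sample_rpm_v | ownership_drift /etc/puppetlabs/code/environments/production
```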