Uploaded image for project: 'Puppet Agent'
  1. Puppet Agent
  2. PA-2114

Resetted ownerships of directories in /etc on puppet-agent rpm upgrade

    XMLWordPrintable

Details

    • Bug
    • Status: Accepted
    • Normal
    • Resolution: Unresolved
    • None
    • None
    • None
    • RHEL 7

    • Hide

      A non-root user is able to manage /etc/puppetlabs/code/environments after the puppet-agent rpm upgrade if /etc/puppetlabs/code/environments is not owned by root before.

      Show
      A non-root user is able to manage /etc/puppetlabs/code/environments after the puppet-agent rpm upgrade if /etc/puppetlabs/code/environments is not owned by root before.
    • Platform OS
    • Needs Assessment
    • Needs Assessment

    Description

      Puppet Version: 5.5.3
      Puppet Server Version: 5.3.3
      OS Name/Version: RHEL 7

      We're managing /etc/puppetlabs/code/environments/production by r10k with a dedicated non-root user for security reasons.

      Now the puppet-agent package owns /etc/puppetlabs/code/environments and some files and folders below.

      On every puppet-agent upgrade directories in the production env will be owned and grouped into root again and r10k has no more permissions to change.

      Also files marked as config-files get added with *.rpmnew extension owned by root. But these can be deleted if the containing directories are owned by the non-root user.

      List of files and directories owned by puppet-agent rpm:

      [root@79a996617dea /]# rpm -ql puppet-agent | grep /etc/puppetlabs/code/environments
      /etc/puppetlabs/code/environments
      /etc/puppetlabs/code/environments/production
      /etc/puppetlabs/code/environments/production/data
      /etc/puppetlabs/code/environments/production/environment.conf
      /etc/puppetlabs/code/environments/production/hiera.yaml
      /etc/puppetlabs/code/environments/production/manifests
      /etc/puppetlabs/code/environments/production/modules
      

      Desired Behavior:

      puppet-agent should not reset owner/group of directories in /etc/puppetlabs/code/environments

      Actual Behavior:

      puppet-agent rpm upgrade resets ownership and group of directories in /etc/puppetlabs/code/environments/production

      Attachments

        Activity

          People

            Unassigned Unassigned
            Raffaello Thomas Mueller
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Zendesk Support