Uploaded image for project: 'Puppet Agent'
  1. Puppet Agent
  2. PA-2114

Resetted ownerships of directories in /etc on puppet-agent rpm upgrade

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Environment:

      RHEL 7

    • Template:
    • Acceptance Criteria:
      Hide

      A non-root user is able to manage /etc/puppetlabs/code/environments after the puppet-agent rpm upgrade if /etc/puppetlabs/code/environments is not owned by root before.

      Show
      A non-root user is able to manage /etc/puppetlabs/code/environments after the puppet-agent rpm upgrade if /etc/puppetlabs/code/environments is not owned by root before.
    • Team:
      Platform OS
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 5.5.3
      Puppet Server Version: 5.3.3
      OS Name/Version: RHEL 7

      We're managing /etc/puppetlabs/code/environments/production by r10k with a dedicated non-root user for security reasons.

      Now the puppet-agent package owns /etc/puppetlabs/code/environments and some files and folders below.

      On every puppet-agent upgrade directories in the production env will be owned and grouped into root again and r10k has no more permissions to change.

      Also files marked as config-files get added with *.rpmnew extension owned by root. But these can be deleted if the containing directories are owned by the non-root user.

      List of files and directories owned by puppet-agent rpm:

      [root@79a996617dea /]# rpm -ql puppet-agent | grep /etc/puppetlabs/code/environments
      /etc/puppetlabs/code/environments
      /etc/puppetlabs/code/environments/production
      /etc/puppetlabs/code/environments/production/data
      /etc/puppetlabs/code/environments/production/environment.conf
      /etc/puppetlabs/code/environments/production/hiera.yaml
      /etc/puppetlabs/code/environments/production/manifests
      /etc/puppetlabs/code/environments/production/modules
      

      Desired Behavior:

      puppet-agent should not reset owner/group of directories in /etc/puppetlabs/code/environments

      Actual Behavior:

      puppet-agent rpm upgrade resets ownership and group of directories in /etc/puppetlabs/code/environments/production

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                Unassigned
                Reporter:
                Raffaello Thomas Mueller
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Zendesk Support