Uploaded image for project: 'Puppet Agent'
  1. Puppet Agent
  2. PA-2877

Puppet on Windows should not remove file access to the Administrator

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Do
    • Affects Version/s: puppet-agent 6.7.0
    • Fix Version/s: None
    • Component/s: Windows
    • Labels:
      None
    • Template:
      JIRA KB Article Requests
    • Team:
      Night's Watch
    • Story Points:
      3
    • Sprint:
      PR - Triage, PR - Triage
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      On Linux, root always can access all files, so this is not a problem. However, on Windows it is possible for the Administrator user to not have access to a file, which causes this issue.

      If you make Puppet create a file that is only accessible by a given user, subsequent runs of Puppet will fail because Puppet even removes access to Administrators (the user it runs as) and can no longer access that file.

      I think Puppet should preserve access to the Administrator account, as otherwise it is locking itself out of the file it is intended to manage. Since the Administrator account can take ownership of any file by other means, this is shouldn't have security implications.

      How to reproduce:

      file { 'C:/my_amazing_file.txt':
           ensure => file,
           owner => 'my_fabulous_user',
           group => 'my_great_group',
           mode => '0600',
           content => 'my_nice_content'
       }
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            albertvaka Albert Vaca
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support