Details
- Bug
- Status: Resolved
- Normal
- Resolution: Fixed
- None
- None
- Debian Jessie, puppetlabs repository and debian repository
- Night's Watch
- 3
- NW - 2020-06-24, NW - 2020-08-18, NW - 2020-09-01, NW - 2020-09-16
- Customer Feedback
- Reviewed
- 1 - 1-5% of Customers
- 3 - Serious
- 2 - $$$
- Customer wants to use this file to monitor their agent runs and not run monitoring as the root user, which causes the file to be inaccessible without other action to move it or change permissions.
- 29674,30947
- 2
- Enhancement
- Puppet Agent code aligns with the new 'last_run_summary.yaml' location by treating the 'publicdir' setting accordingly.
Description
The last_run_summary.yaml is not readable by users.
Editing since the first publishing, because I have noticed that I have mixed puppetlabs packages and debian packages.
Details of packages installed:
Evidence on puppetlabs package:
root@x:~# dpkg -l puppet-agent
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  puppet-agent   1.8.0-1jessi amd64        The Puppet Agent package contains
root@x:~#
Evidence on debian package:
root@y:~# dpkg -l puppet
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  puppet         3.7.2-4      all          configuration management system,
root@y:~#
Based on old tickets:
https://projects.puppetlabs.com/issues/15471, https://github.com/puppetlabs/puppet/commit/0f13cf5
It is stated there that the last_run_summary.yaml file should be world readable.
Evidence on puppetlabs package:
root@x:~# puppet config print lastrunreport
/opt/puppetlabs/puppet/cache/state/last_run_report.yaml
root@x:~# ls -la /opt/puppetlabs/puppet/cache/state/last_run_report.yaml
-rw-r----- 1 root root 117739 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/last_run_report.yaml
root@x:~#
Evidence on debian package:
root@y:~# puppet config print lastrunreport
/var/lib/puppet/state/last_run_report.yaml
root@y:~# ls -la /var/lib/puppet/state/last_run_report.yaml
-rw-r----- 1 root root 118278 Nov 19 11:03 /var/lib/puppet/state/last_run_report.yaml
root@y:~#
https://tickets.puppetlabs.com/browse/PUP-3163, https://tickets.puppetlabs.com/browse/PUP-3156
It is stated there that the directories /var/lib/puppet/state/ and /var/lib/puppet/reports need to be at least world readable.
And currently that directory is world readable.
Evidence on puppetlabs package:
root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/state/
drwxr-xr-t 3 root root 4096 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/
root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/
drwxr-x--- 10 puppet puppet 4096 May 3 2016 /opt/puppetlabs/puppet/cache/
root@x:/etc/puppetlabs/code/environments/development#
Evidence on debian package:
root@y:~# ls -ld /var/lib/puppet/state/
drwxr-xr-t 3 puppet puppet 4096 Nov 19 11:03 /var/lib/puppet/state/
root@y:~# ls -ld /var/lib/puppet/
drwxr-x--- 9 puppet puppet 4096 May 16 2016 /var/lib/puppet/
root@y:~#
Based on that condition, /var/lib/puppet/state/last_run_report.yaml is not world readable.
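An added example, not part of the ticket or of Puppet's code: a Python check that walks from a starting directory down to a file and reports every component whose mode bits keep an "other" user out, run on a constructed temporary tree that copies the modes from the listings above. The function names, the `start` parameter and the temporary tree are assumptions made for this example; POSIX ACLs are not inspected.

```python
import os
import stat
import tempfile


def world_read_blockers(path, start="/"):
    """Return (path, mode, reason) for each component below `start` whose
    mode bits keep a user matching neither owner nor group from reading
    `path`. Only classic mode bits are inspected; POSIX ACLs are ignored."""
    path, start = os.path.abspath(path), os.path.abspath(start)
    blockers, current = [], start
    rel = os.path.relpath(os.path.dirname(path), start)
    # Every directory on the way needs o+x (search); without it the file is
    # unreachable whatever its own mode is.
    for name in [] if rel == "." else rel.split(os.sep):
        current = os.path.join(current, name)
        mode = os.stat(current).st_mode
        if not mode & stat.S_IXOTH:
            blockers.append((current, stat.filemode(mode), "directory lacks o+x"))
    mode = os.stat(path).st_mode
    if not mode & stat.S_IROTH:
        blockers.append((path, stat.filemode(mode), "file lacks o+r"))
    return blockers


def build_sample_tree():
    """Constructed sample: a temp tree with the modes from the ls output."""
    root = tempfile.mkdtemp()
    state = os.path.join(root, "cache", "state")
    os.makedirs(state)
    report = os.path.join(state, "last_run_report.yaml")
    with open(report, "w") as fh:
        fh.write("--- {}\n")  # placeholder content, not a real report
    os.chmod(report, 0o640)                        # -rw-r-----
    os.chmod(state, 0o1755)                        # drwxr-xr-t
    os.chmod(os.path.join(root, "cache"), 0o750)   # drwxr-x---
    return root, report


if __name__ == "__main__":
    root, report = build_sample_tree()
    for blocked, mode, reason in world_read_blockers(report, start=root):
        print(mode, os.path.relpath(blocked, root), reason)
```

On the sample tree this reports two independent blockers, the 0750 `cache` directory and the 0640 report file, so opening up the file alone would still leave it unreachable for a non-root monitoring user.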
Issue Links
- relates to PUP-8922 Look at the permissions of files in /cache/state/ (Resolved)