PuppetDB / PDB-2590

/sbin/puppetdb ssl-setup breaks file permissions on /etc/puppetdb/conf.d/jetty.ini


Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • PDB 2.3.8
    • PDB 7.4.0, PDB 6.17.0
    • PuppetDB
    • None
    • [rbhe@puppet ~]$ rpm -qa | grep puppetdb
      puppetdb-terminus-2.3.8-1.el7.noarch
      puppetdb-2.3.8-1.el7.noarch

    • HA
    • 2
    • HA 2020-05-19
    • Security Fix
    • The ssl-setup command (which is also invoked by the PuppetDB package installation scripts) should handle ssl-related filesystem permissions more carefully. Previously it might reset them when it shouldn't have, and/or leave them briefly with incorrect, potentially overly permissive values.

    Description

      The package "puppetdb" creates template /etc/puppetdb/conf.d/jetty.ini with proper permissions of puppetdb:puppetdb.

      When running /sbin/puppetdb ssl-setup the file permissions change to "root" "root". If your umask is restrictive (e.g. 027) puppetdb start fails.

      The attached fix keeps the original file permissions initially set via rpm.

      Another note: commands should be chained with && to avoid creating "broken" config files.
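
One way to do what the description asks for, as an added example (not the attached fix and not PuppetDB's own ssl-setup code): rewrite a setting through a temporary file that takes over the original's owner, group and mode, with every step chained with `&&`. The function name `set_ini_value` and the sample file contents are constructed for illustration; `chown --reference`, `chmod --reference` and `stat -c` assume GNU coreutils.

```sh
#!/bin/sh
# Added example (not PuppetDB's ssl-setup code). Assumes GNU coreutils.
# Replace the value of an existing "key = value" line in an ini file while
# keeping the file's owner, group and mode, independent of the caller's umask.
set_ini_value() {
    file=$1; key=$2; value=$3

    # mktemp creates the file 0600 in the same directory, so the copy is
    # never more permissive than the original and mv is an atomic rename.
    tmp=$(mktemp "${file}.XXXXXX") || return 1

    # Each step runs only if the previous one succeeded. awk exits non-zero
    # when the key is absent, so a half-written file is never moved into place.
    awk -v k="$key" -v v="$value" '
        BEGIN { FS = "=" }
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        name == k { print k " = " v; found = 1; next }
        { print }
        END { exit !found }
    ' "$file" > "$tmp" &&
    chown --reference="$file" "$tmp" &&
    chmod --reference="$file" "$tmp" &&
    mv -f "$tmp" "$file" && return 0

    rm -f "$tmp"    # failure path: discard the copy, original is untouched
    return 1
}

# Constructed sample file in a scratch directory (stand-in for jetty.ini).
demo_dir=$(mktemp -d) &&
printf '[jetty]\nport = 8080\nssl-port = 8081\n' > "$demo_dir/jetty.ini" &&
chmod 640 "$demo_dir/jetty.ini" &&
( umask 027; set_ini_value "$demo_dir/jetty.ini" ssl-port 8082 ) &&
stat -c '%U:%G %a %n' "$demo_dir/jetty.ini"
rm -rf "$demo_dir"
```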

          People

            rob.browning Rob Browning
            elconas Robert Heinzmann