PuppetDB / PDB-2590

/sbin/puppetdb ssl-setup breaks file permissions on /etc/puppetdb/conf.d/jetty.ini


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PDB 2.3.8
    • Fix Version/s: PDB 7.4.0, PDB 6.17.0
    • Component/s: None
    • Labels:
      None
    • Environment:

      [rbhe@puppet ~]$ rpm -qa | grep puppetdb
      puppetdb-terminus-2.3.8-1.el7.noarch
      puppetdb-2.3.8-1.el7.noarch

    • Template:
    • Team:
      HA
    • Story Points:
      2
    • Sprint:
      HA 2020-05-19
    • Release Notes:
      Security Fix
    • Release Notes Summary:
      The ssl-setup command (which is also invoked by the PuppetDB package installation scripts) should handle ssl-related filesystem permissions more carefully. Previously it might reset them when it shouldn't have, and/or leave them briefly with incorrect, potentially overly permissive values.

      Description

      The package "puppetdb" creates template /etc/puppetdb/conf.d/jetty.ini with proper permissions of puppetdb:puppetdb.

      When running /sbin/puppetdb ssl-setup the file permissions change to "root" "root". If your umask is restrictive (e.g. 027), puppetdb start fails.

      The attached fix keeps the original file permissions initially set via rpm.

      Another note: commands should be chained with && to avoid creating "broken" config files.
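
An added example, not part of the original report or the attached fix: one way to rewrite a key in jetty.ini while keeping the file's owner, group and mode, with every step chained by && so that a failure leaves the original file untouched. The helper name replace_ini_key, the ssl-key value and the temp-directory demo file are assumptions constructed for illustration; chown --reference, chmod --reference and stat -c are GNU coreutils options.

```shell
#!/bin/sh
# Added example: hypothetical helper, not PuppetDB's own ssl-setup code.
# Replaces "key = ..." (commented out or not) in an ini file and keeps
# the file's owner, group and mode regardless of the caller's umask.

replace_ini_key() {
    file=$1 key=$2 value=$3
    dir=$(dirname "$file") || return 1
    # Temp file lives beside the target so the final mv is an atomic rename.
    # mktemp creates it with mode 0600, so the new content is never exposed
    # with wider permissions than the target while it is being written.
    tmp=$(mktemp "$dir/.$(basename "$file").XXXXXX") || return 1

    # Each step runs only if the previous one succeeded. awk exits non-zero
    # when the key is absent, so a half-written file never replaces the original.
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^[# ]*" k "[ ]*=") { print k " = " v; found = 1; next }
        { print }
        END { exit (found ? 0 : 1) }
    ' "$file" > "$tmp" &&
        chown --reference="$file" "$tmp" &&
        chmod --reference="$file" "$tmp" &&
        mv -f "$tmp" "$file" && return 0

    # Failure path: discard the temp file, report the error to the caller.
    rm -f "$tmp"
    return 1
}

# Constructed demo: a stand-in jetty.ini in a temp directory, mode 0640,
# edited under the restrictive umask mentioned in the report.
demo_dir=$(mktemp -d) && demo="$demo_dir/jetty.ini" &&
    printf '[jetty]\n# ssl-key = \nport = 8080\n' > "$demo" &&
    chmod 640 "$demo" &&
    ( umask 027 && replace_ini_key "$demo" ssl-key /etc/puppetdb/ssl/private.pem ) &&
    stat -c '%a %U:%G %n' "$demo"
rm -rf "$demo_dir"
```
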


            People

            Assignee:
            rob.browning Rob Browning
            Reporter:
            elconas Robert Heinzmann
