  1. Puppet
  2. PUP-1226

puppet breaking setuid bit on group change


    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: PUP 3.6.2
    • Fix Version/s: None
    • Component/s: None
    • Team: Coremunity

      Description

      We have a puppet module that's trying to manage owner, group
      and setuid bit on /bin/nice:

      file { "/bin/nice":
        owner => root,
        group => root,
        mode  => 6555,
      }

      If the mode is correct, but group is wrong, puppet will fix the
      group and lose the setuid bit:

      # chgrp bin /bin/nice
      # chmod 6555 /bin/nice
      # ls -l /bin/nice
      -r-sr-sr-x 1 root bin 23424 Jan 26 17:12 /bin/nice
      # pkill -USR1 puppet

      Jun 29 22:26:29 xsp4 puppetd[21024]: Caught USR1; calling reload
      Jun 29 22:26:32 xsp4 puppetd[21024]: (/Stage[main]/SomeSystem::Nice/File[/bin/nice]/group) group changed 'bin' to 'root'
      Jun 29 22:26:33 xsp4 puppetd[21024]: Finished catalog run in 1.86 seconds

      # ls -l /bin/nice
      -r-xr-xr-x 1 root root 23424 Jan 26 17:12 /bin/nice

      And puppet then needs a second run to fix the setuid bit:

      # pkill -USR1 puppet

      Jun 29 22:26:44 xsp4 puppetd[21024]: (/Stage[main]/SomeSystem::Nice/File[/bin/nice]/mode) mode changed '555' to '6555'

      # ls -l /bin/nice
      -r-sr-sr-x 1 root root 23424 Jan 26 17:12 /bin/nice

      This has only been tested on v0.25.4 on RHEL5.
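
      The report above shows a group change stripping the setuid/setgid bits, so the mode is only restored on the next run. As an added illustration (not Puppet's code and not part of the original report), this Ruby example applies ownership first, re-asserts the mode in the same pass on one open handle, and verifies the result; the function names and the temp file standing in for /bin/nice are assumptions.

```ruby
require "tempfile"

PERM_MASK = 0o7777 # permission bits plus setuid/setgid/sticky

# Hypothetical helper: apply ownership, then mode, and report each stage.
# Order matters: on Linux, chown(2) on an executable regular file clears
# the setuid and setgid bits, so the mode must be re-checked afterwards.
# The file is opened once with NOFOLLOW so every call hits the same inode.
def enforce_owner_then_mode(path, uid, gid, mode)
  File.open(path, File::RDONLY | File::NOFOLLOW) do |f|
    before = f.stat.mode & PERM_MASK
    f.chown(uid, gid)
    after_chown = f.stat.mode & PERM_MASK
    f.chmod(mode) unless after_chown == mode
    final = f.stat.mode & PERM_MASK
    # Fail loudly instead of leaving the fix to a later run.
    raise "mode drift on #{path}: #{final.to_s(8)}" unless final == mode
    { before: before, after_chown: after_chown, final: final }
  end
end

# Constructed sample: a temp file owned by the current user, used in
# place of /bin/nice so the example runs without root.
def make_sample(mode)
  t = Tempfile.create("nice-sample")
  t.close
  File.chown(nil, Process.egid, t.path) # make sure setgid is permitted
  File.chmod(mode, t.path)
  t.path
end

if __FILE__ == $PROGRAM_NAME
  path = make_sample(0o6555)
  result = enforce_owner_then_mode(path, Process.euid, Process.egid, 0o6555)
  # Print each stage in octal; on Linux after_chown typically shows 0555.
  result.each { |stage, bits| puts format("%-12s %04o", stage, bits) }
  File.unlink(path)
end
```

      The after_chown value records whether the ownership call dropped the special bits on the platform where this runs.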

    People

    • Assignee: Unassigned
    • Reporter: redmine.exporter
    • Votes: 0
    • Watchers: 6