  1. Puppet
  2. PUP-4401

ssh_key purge on an authorized_key file belonging to a different user

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: PUP 3.7.4
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Hello,
      I am using a modified version of the module "sshkeys" from sudorenko to manage my users and ssh_keys. In favor of our SLAs, I modified it in such a way that I can change the target, ownerships and permissions. All works fine so far: purging ssh_keys, re-adding them and so on. However, as soon as I change the ownership of the authorized_keys (/etc/keys/$USERNAME/authorized_keys) and try to remove a key from the file, I get:

      "Error: Puppet::Util::FileType::FileTypeFlat could not write /etc/keys/puppettest1/test_keys: Permission denied - /etc/keys/puppettest1/test_keys
      Error: /Stage[main]/Sshkeys/Sshkeys::User[puppettest1]/Ssh_authorized_key[hesemeyert_at_puppettest1@template-centos-5.onet.itenos.de]: Could not evaluate: Puppet::Util::FileType::FileTypeFlat could not write /etc/keys/puppettest1/test_keys: Permission denied - /etc/keys/puppettest1/test_keys"

      The reason for that is clear to me. Puppet runs as root but tries to remove the key as user "puppettest1", which is not possible as the file belongs to root.

      For SLA reasons my authorized_keys MUST NOT belong to the user, nor may the user have write permissions.

      Is there a way of telling the reference "user" to run as root rather than as the user?

      As this is my first post I hope to do it correctly.

      THX for your help

              People

              • Assignee:
                Unassigned
                Reporter:
                haxus Timo Bergemann