  1. Puppet
  2. PUP-4434

File type can't only use setgid for directory, and skip over files

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • CS Priority: Trivial

      Description

      (Note, this was manually copied from a redmine ticket)

      Given a directory:

      $dir = '/some/dir/'
      

      You may wish to recursively ensure a certain mode such as: u=rw,g=r. As you all know, this cleverly adds +x to directories, but not to files. (good!) You may also decide that you’d like to setgid (+s) for the directory…

      # setgid requested on the directory, but recurse applies it to everything below
      file { "${dir}":
              mode    => 'u=rw,g=rs,o=r',
              recurse => true,
      }
      

      … but NOT for its contents. These two semantics are very different, since setgid for a directory ensures new files/dirs have the group you want, however adding this to an executable file can be quite dangerous!

      You can’t do this:

      file { "${dir}":
              mode    => 'u=rw,g=r,o=r',
              recurse => true,
      }

      # second declaration with the same title: rejected as a duplicate
      file { "${dir}":
              mode    => 'g+s',
              recurse => false,
      }
      

      because that’s a duplicate definition. So: by default, I think:
      1. +s for g should act like +x currently does (except opposite) — for +s only apply it to the directory, even when recurse is true.
      2. If some flag like recurse_setgid => true, then you can recursively add the +s

      I marked this as high, because I think the current behaviour is very dangerous.

      I stumbled upon this problem when I realized setgid is a useful property to add to /etc/puppet/, but not for /etc/puppet/files/*

      Workaround:

      exec { "/bin/chmod g+s ${dir}":
          onlyif => "/usr/bin/test -d '${dir}' && /usr/bin/test ! -g '${dir}'",
          require => File["${dir}"],
      }
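
Added example (not from the ticket or from Puppet): the directory-only setgid semantics the report asks for, written as shell functions, with an audit that lists regular files that picked up setgid from a recursive mode. The function names and the sample tree built under mktemp are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample tree are illustrative assumptions.

# Constructed sample: a tree after a recursive mode containing g+s was applied
# to everything, regular files included.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/files/sub"
    : > "$root/files/a.conf"
    : > "$root/files/sub/run.sh"
    chmod 0755 "$root/files/sub/run.sh"
    chmod g+s "$root" "$root/files" "$root/files/sub" \
        "$root/files/a.conf" "$root/files/sub/run.sh"
    printf '%s\n' "$root"
}

# Audit: print regular files under $1 that carry the setgid bit.
list_setgid_files() {
    find "$1" -type f -perm -2000 -print
}

# Enforce directory-only setgid on $1:
#   - regular files under $1 lose setgid
#   - $1 itself gains setgid (what the exec workaround does)
#   - subdirectories gain it only when $2 is "recurse"
setgid_dirs_only() {
    top=$1
    [ -d "$top" ] || { echo "not a directory: $top" >&2; return 1; }
    find "$top" -type f -perm -2000 -exec chmod g-s {} +
    if [ "${2:-}" = "recurse" ]; then
        find "$top" -type d ! -perm -2000 -exec chmod g+s {} +
    else
        [ -g "$top" ] || chmod g+s "$top"
    fi
}

# Stand-alone use: sh setgid_audit.sh DIR  (lists setgid regular files in DIR)
if [ -n "${1:-}" ]; then
    list_setgid_files "$1"
fi
```

Because the file pass runs on every invocation, re-running it after each recursive mode change keeps setgid off regular files.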
      


              People

              • Assignee: Unassigned
              • Reporter: Lee Lowder
              • Votes: 1
              • Watchers: 4