Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-5491

The "client_data" Directory Permissions Incorrect After Installation

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • None
    • Windows

    Description

      Description

      If a user installs the Puppet Agent and allows the service to start after installation the ACE on the "client_data" directory will be incorrect:

      C:\ProgramData\PuppetLabs\puppet>icacls.exe cache\client_data
      cache\client_data BUILTIN\Administrators:(F)
                        NT AUTHORITY\SYSTEM:(RX)
                        Everyone:(Rc,S,RA)
                        CREATOR OWNER:(CI)(IO)(F)
                        CREATOR GROUP:(CI)(IO)(RX)
                        CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC)
                        CREATOR GROUP:(OI)(IO)(R)
       
      Successfully processed 1 files; Failed processing 0 files

      Note: This assumes that the "puppet" server does not actually exist. This would happen in the situation where a user will interactively install the MSI and leave the default "puppet" server name. After the installation the user would have to manually update the "puppet.conf" to point to the correct master server.

      Attachments

      • None

      Repro Steps

      1. Open a console and install the Puppet Agent onto the SUT (Note: The service is NOT disabled when the agent is installed):

        msiexec.exe /i puppet-agent-1.2.7.421.g9c0a93a-x64.msi /qn /L*V C:\Windows\TEMP\install-puppet.log

      2. Get the ACL for the "C:\ProgramData\PuppetLabs\puppet\cache\client_data" directory:

        cd C:\ProgramData\PuppetLabs\puppet
        icacls.exe cache\client_data
        

      Expect

      The ACE for SYSTEM should be full control.

      Actual

      The ACE for SYSTEM is only RX:

      C:\ProgramData\PuppetLabs\puppet>icacls.exe cache\client_data
      cache\client_data BUILTIN\Administrators:(F)
                        NT AUTHORITY\SYSTEM:(RX)
                        Everyone:(Rc,S,RA)
                        CREATOR OWNER:(CI)(IO)(F)
                        CREATOR GROUP:(CI)(IO)(RX)
                        CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC)
                        CREATOR GROUP:(OI)(IO)(R)
       
      Successfully processed 1 files; Failed processing 0 files

      Attachments

        Issue Links

          Activity

            People

              glenn.sarti Glenn Sarti
              ryan.gard Ryan Gard
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support