Puppet / PUP-6393

/var/lib/puppet/state permission check within RPM

    Details

    • Team:
      Platform OS

      Description

      Found the following issue when I tried to make the system PCI-DSS v3 compliant:

      [root@puppet-agent ~]# rpm -Va --nofiledigest | grep '^.M'
      .M.......    /var/lib/puppet/state
      [root@puppet-agent ~]# 
      

      This is happening because the permissions on /var/lib/puppet/state change with each puppet run.
      RPM states that it should not have the sticky bit enabled or permissions of "others", but puppet is setting them after each run.

      File System    RPM Package
      drwxr-xr-t     drwxr-x---

      [root@puppet-agent ~]# ls -la /var/lib/puppet | grep state
      drwxr-xr-t  3 puppet puppet 4096 Jun  8 14:45 state
      [root@puppet-agent ~]# rpm --setperms puppet
      [root@puppet-agent ~]# ls -la /var/lib/puppet | grep state
      drwxr-x---  3 puppet puppet 4096 Jun  8 14:45 state
      [root@puppet-agent ~]# puppet agent --test
      Info: Retrieving pluginfacts
      [...]
      Notice: Finished catalog run in 2.90 seconds
      [root@puppet-agent ~]# ls -la /var/lib/puppet | grep state
      drwxr-xr-t  3 puppet puppet 4096 Jun  8 14:45 state
      [root@puppet-agent ~]#
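
Added example, not part of the original report or of Puppet's own code: a Python sketch that decodes the `rpm -V` flag column shown above and lists which permission bits the on-disk mode has beyond the packaged mode. Flag meanings follow the rpm man page; the function names are hypothetical, and the inputs are the strings quoted in the report.

```python
import stat

# Meaning of each character in the rpm -V flag column (per the rpm man page).
VERIFY_FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device",
                "L": "symlink", "U": "user", "G": "group", "T": "mtime",
                "P": "capabilities"}
# Positions in the 9-character permission string that can carry s/S or t/T.
SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}
BITS = [(stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky")]
BITS += [(1 << (8 - i), f"{who}-{what}") for i, (who, what) in enumerate(
    (w, p) for w in ("user", "group", "other") for p in ("read", "write", "execute"))]


def parse_verify_line(line):
    """Return (failed checks, path) for one line of `rpm -V` output."""
    flags, rest = line.split(None, 1)
    parts = rest.split(None, 1)
    # An optional one-letter marker (c, d, g, l, r) may precede the path.
    has_marker = len(parts) == 2 and parts[0] in tuple("cdglr")
    path = (parts[1] if has_marker else rest).strip()
    if flags == "missing":
        return ["missing"], path
    return [VERIFY_FLAGS[c] for c in flags if c in VERIFY_FLAGS], path


def mode_from_ls(text):
    """Convert an `ls -l` mode string such as 'drwxr-xr-t' to permission bits."""
    mode = 0
    for i, ch in enumerate(text[1:10]):
        if ch == "-":
            continue
        if ch in "sStT":
            mode |= SPECIAL[i]
            if ch in "ST":  # upper case: special bit set, execute bit not set
                continue
        mode |= 1 << (8 - i)
    return mode


def extra_bits(on_disk, packaged):
    """Name the bits set on disk that the package metadata does not grant."""
    extra = mode_from_ls(on_disk) & ~mode_from_ls(packaged)
    return [name for bit, name in BITS if extra & bit]


if __name__ == "__main__":
    print(parse_verify_line(".M.......    /var/lib/puppet/state"))
    print(oct(mode_from_ls("drwxr-xr-t")), oct(mode_from_ls("drwxr-x---")))
    print(extra_bits("drwxr-xr-t", "drwxr-x---"))
```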
      

            People

            Assignee:
            Unassigned
            Reporter:
            mihai.cornateanu@itmanager.ro Mihai-George Cornateanu