  1. Puppet
  2. PUP-6393

/var/lib/puppet/state permission check within RPM

    Details

    • Team:
      Platform OS

      Description

      Found the following issue when I tried to make the system PCI-DSS v3 compliant:

      [root@puppet-agent ~]# rpm -Va --nofiledigest | grep '^.M'
      .M.......    /var/lib/puppet/state
      [root@puppet-agent ~]# 
      

      This is happening because the permissions on /var/lib/puppet/state change with each puppet run.
      RPM states that it should not have the sticky bit enabled or permissions for "others", but puppet is setting them after each run.

      File System    RPM Package
      drwxr-xr-t     drwxr-x---

      [root@puppet-agent ~]# ls -la /var/lib/puppet | grep state
      drwxr-xr-t  3 puppet puppet 4096 Jun  8 14:45 state
      [root@puppet-agent ~]# rpm --setperms puppet
      [root@puppet-agent ~]# ls -la /var/lib/puppet | grep state
      drwxr-x---  3 puppet puppet 4096 Jun  8 14:45 state
      [root@puppet-agent ~]# puppet agent --test
      Info: Retrieving pluginfacts
      [...]
      Notice: Finished catalog run in 2.90 seconds
      [root@puppet-agent ~]# ls -la /var/lib/puppet | grep state
      drwxr-xr-t  3 puppet puppet 4096 Jun  8 14:45 state
      [root@puppet-agent ~]#
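
The check described in the report, as an added example that is not part of the original issue or of Puppet's own code: it decodes the `rpm -V` result string that the `'^.M'` grep matches and computes which permission bits differ between the two mode strings shown above. The function names are hypothetical, and all sample lines except the first are constructed.

```python
import stat

# Positions of the `rpm -V` result string, in order: SM5DLUGTP.
FLAG_NAMES = {"S": "size", "M": "mode", "5": "digest", "D": "device",
              "L": "symlink", "U": "user", "G": "group", "T": "mtime",
              "P": "capabilities"}
SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}

def parse_verify_line(line):
    """Return (path, failed_attributes) for one line of `rpm -V` output."""
    first = line.split()[0]
    path = line[line.index("/"):].rstrip()
    if first == "missing":
        return path, ["missing"]
    return path, [FLAG_NAMES[c] for c in first if c in FLAG_NAMES]

def symbolic_to_mode(sym):
    """Convert an `ls -l` string such as 'drwxr-xr-t' to permission bits."""
    mode = 0
    for i, ch in enumerate(sym[1:10]):
        if ch in "rwxst":          # lowercase s/t also imply execute
            mode |= 0o400 >> i
        if ch in "sStT":           # setuid, setgid or sticky
            mode |= SPECIAL[i]
    return mode

def mode_drift(on_disk, packaged):
    """Return (bits only on disk, bits only in the package) as integers."""
    disk, pkg = symbolic_to_mode(on_disk), symbolic_to_mode(packaged)
    return disk & ~pkg, pkg & ~disk

# First line is from the report; the other two are constructed samples.
SAMPLE = """\
.M.......    /var/lib/puppet/state
S.5....T.  c /etc/example.conf
missing     /usr/share/example/file
"""

def mode_mismatches(output):
    """Paths whose mode differs from the RPM database (the '^.M' grep)."""
    hits = []
    for line in output.splitlines():
        if line.strip():
            path, failed = parse_verify_line(line)
            if "mode" in failed:
                hits.append(path)
    return hits

if __name__ == "__main__":
    print(mode_mismatches(SAMPLE))
    added, removed = mode_drift("drwxr-xr-t", "drwxr-x---")
    print(oct(added), oct(removed))
```

For the two mode strings in the report, the bits present only on disk are `0o1005`: the sticky bit plus read and execute for "others".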
      

            People

            • Assignee:
              Unassigned
              Reporter:
              mihai.cornateanu@itmanager.ro Mihai-George Cornateanu