Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6936

unable to read last_run_summary.yaml from user

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: PUP 4.7.0, PUP 5.5.z
    • Fix Version/s: None
    • Component/s: None
    • Environment:

      Debian Jessie
      puppetlabs repository and debian repository

    • Template:
      PUP Bug Template
    • Acceptance Criteria:
      Hide

      Or:
      1) File /var/lib/puppet/state/last_run_summary.yaml readable by all of the users in the system,
      2) A good and documented reason why this is not good.

      Show
      Or: 1) File /var/lib/puppet/state/last_run_summary.yaml readable by all of the users in the system, 2) A good and documented reason why this is not good.
    • Team:
      Coremunity
    • Method Found:
      Customer Feedback
    • CS Priority:
      Reviewed
    • CS Frequency:
      1 - 1-5% of Customers
    • CS Severity:
      3 - Serious
    • CS Business Value:
      2 - $$$
    • CS Impact:
      Customer wants to use this file to monitor their agent runs and not run monitoring as the root user which causes file to be inaccessible without other action to move it or change permissions.

      Description

      The last_run_summary.yaml is not readable by users.

      Editing since the first publishing, because i have noticed that i have mixed puppetlabs packages and debian packages.

      Detailed of packages installed:

      Evidence on puppetlabs package:

      root@x:~# dpkg -l puppet-agent
      Desired=Unknown/Install/Remove/Purge/Hold
      | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
      |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
      ||/ Name           Version      Architecture Description
      +++-==============-============-============-=================================
      ii  puppet-agent   1.8.0-1jessi amd64        The Puppet Agent package contains
      root@x:~# 
      

      Evidence on debian package:

      root@y:~# dpkg -l puppet
      Desired=Unknown/Install/Remove/Purge/Hold
      | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
      |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
      ||/ Name           Version      Architecture Description
      +++-==============-============-============-=================================
      ii  puppet         3.7.2-4      all          configuration management system, 
      root@y:~# 
      
      

      Based on old tickets:
      https://projects.puppetlabs.com/issues/15471, https://github.com/puppetlabs/puppet/commit/0f13cf5
      Here is stated that the file read last_run_summary.yaml should be world readable.

      Evidence on puppetlabs package:

      root@x:~#  puppet config print lastrunreport
      /opt/puppetlabs/puppet/cache/state/last_run_report.yaml
      root@x:~# ls -la /opt/puppetlabs/puppet/cache/state/last_run_report.yaml
      -rw-r----- 1 root root 117739 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/last_run_report.yaml
      root@x:~# 
      

      Evidence on debian package:

      root@y:~# puppet config print lastrunreport
      /var/lib/puppet/state/last_run_report.yaml
      root@y:~# ls -la /var/lib/puppet/state/last_run_report.yaml
      -rw-r----- 1 root root 118278 Nov 19 11:03 /var/lib/puppet/state/last_run_report.yaml
      root@y:~# 
      

      https://tickets.puppetlabs.com/browse/PUP-3163, https://tickets.puppetlabs.com/browse/PUP-3156
      Here is stated that the directory /var/lib/puppet/state/ and /var/lib/puppet/reports, need to be at least world readable.
      And currently that directory are world readable.

      Evidence on puppetlabs package:

      root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/state/ 
      drwxr-xr-t 3 root root 4096 Nov 19 10:54 /opt/puppetlabs/puppet/cache/state/
      root@x:/etc/puppetlabs/code/environments/development# ls -lad /opt/puppetlabs/puppet/cache/       
      drwxr-x--- 10 puppet puppet 4096 May  3  2016 /opt/puppetlabs/puppet/cache/
      root@x:/etc/puppetlabs/code/environments/development# 
      

      Evidence on debian package:

      root@y:~# ls -ld /var/lib/puppet/state/
      drwxr-xr-t 3 puppet puppet 4096 Nov 19 11:03 /var/lib/puppet/state/
      root@y:~# ls -ld /var/lib/puppet/      
      drwxr-x--- 9 puppet puppet 4096 May 16  2016 /var/lib/puppet/
      root@y:~# 
      

      Based on that condition,
      /var/lib/puppet/state/last_run_report.yaml
      is not world readable.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                Rocco83 Daniele Palumbo
              • Votes:
                5 Vote for this issue
                Watchers:
                15 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Zendesk Support