  1. Puppet
  2. PUP-9463

Save X509 objects with the correct permissions

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.0
    • Component/s: None
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Updates the new SSL code to preserve existing behavior when saving SSL-related files.
    • QA Risk Assessment:
      Needs Assessment

      Description

      When running as root or another privileged user, and the Puppet[:user]/Puppet[:group] accounts exist, puppet should set the owner and group of many of its SSL-related files to that user/group. This is needed so that puppetserver running on the same host can share the client cert/private key.

      When running as root or another privileged user, and the Puppet[:user]/Puppet[:group] accounts don't exist, it should leave the owner/group as is, but enforce the mode as defined in the settings object, e.g. :hostprivkey.

      When running as a non-privileged user, it should enforce the mode as defined in the settings object, e.g. :hostprivkey.
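
      The three cases above, sketched in plain Ruby as an added example; this is not Puppet's implementation. The helper names, the `puppet` account defaults, the sample mode, and the rule that ownership changes only when both accounts exist are assumptions made for illustration.

```ruby
require 'etc'
require 'securerandom'
require 'tmpdir'

# Etc raises ArgumentError for an unknown account; treat that as "does not exist".
def account_id
  yield
rescue ArgumentError
  nil
end

# Returns [uid, gid] to chown to, or [nil, nil] to leave ownership untouched.
# Assumption: ownership changes only when BOTH the user and the group exist.
def resolve_owner(user, group, privileged: Process.euid.zero?)
  return [nil, nil] unless privileged            # non-privileged: mode only
  uid = account_id { Etc.getpwnam(user)&.uid }
  gid = account_id { Etc.getgrnam(group)&.gid }
  uid && gid ? [uid, gid] : [nil, nil]           # accounts exist : accounts missing
end

# Writes content to path with exactly the given mode, applying ownership as above.
def save_ssl_file(path, content, mode:, user: 'puppet', group: 'puppet',
                  privileged: Process.euid.zero?)
  uid, gid = resolve_owner(user, group, privileged: privileged)
  tmp = "#{path}.#{SecureRandom.hex(8)}.tmp"
  # O_EXCL refuses a pre-existing temp path; the file is created already
  # restricted, so key material never sits on disk with looser bits.
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, mode) do |f|
    f.chmod(mode)                  # exact mode, independent of the umask
    f.chown(uid, gid) if uid       # only when privileged and accounts exist
    f.write(content)
  end
  File.rename(tmp, path)           # atomic replace on the same filesystem
  File.stat(path)
rescue StandardError
  File.unlink(tmp) if tmp && File.exist?(tmp)
  raise
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    key = File.join(dir, 'hostprivkey.pem')
    st = save_ssl_file(key, "constructed sample, not a real key\n", mode: 0o640)
    printf("%s uid=%d gid=%d mode=%04o\n", key, st.uid, st.gid, st.mode & 0o7777)
  end
end
```

      Writing to a temporary file and renaming it means an existing file with looser permissions is replaced rather than rewritten in place, so the new contents are never exposed under the old mode.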

            People

            • Assignee: Josh Cooper
            • Reporter: Josh Cooper