  1. Puppet
  2. PUP-9463

Save X509 objects with the correct permissions

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.0
    • Component/s: None
    • Template:
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Updates the new SSL code to preserve existing behavior when saving SSL-related files.
    • QA Risk Assessment:
      Needs Assessment

      Description

      When running as root/privileged user, and the Puppet[:user]/Puppet[:group] accounts exist, then Puppet should set the owner and group for many of its SSL-related files to that user/group. This is needed so that puppetserver running on the same host can share the client cert/private key.

      When running as root/privileged user, and the Puppet[:user]/Puppet[:group] accounts don't exist, then it should leave the owner/group as is, but enforce the mode as defined in the settings object, e.g. :hostprivkey.

      When running as a non-privileged user, it should enforce the mode as defined in the settings object, e.g. :hostprivkey.
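
The three cases in the description, sketched as an added Ruby example; this is not Puppet's implementation. The helper names `resolve_owner` and `save_ssl_file`, the 0640 mode, the file name and the account names are assumptions made for illustration.

```ruby
require 'etc'
require 'tmpdir'

# Returns [uid, gid] to apply, or nil when owner/group must be left as is:
# either we are not privileged, or the configured account/group is missing.
def resolve_owner(user, group, privileged: Process.euid.zero?)
  return nil unless privileged
  [Etc.getpwnam(user).uid, Etc.getgrnam(group).gid]
rescue ArgumentError # raised by Etc when the name does not exist
  nil
end

# Writes content to path with exactly `mode` in all three cases, and with
# the service owner/group only in the first case. Returns the owner applied.
def save_ssl_file(path, content, mode:, user:, group:, privileged: Process.euid.zero?)
  owner = resolve_owner(user, group, privileged: privileged)
  tmp = "#{path}.tmp.#{Process.pid}"
  # File::EXCL: refuse to write through a pre-existing temp file.
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, mode) do |f|
    f.chmod(mode)            # umask can only narrow the create mode; set it exactly
    f.chown(*owner) if owner # done before any secret bytes are written
    f.write(content)
  end
  File.rename(tmp, path)     # atomic replace; the old file's mode is not inherited
  owner
ensure
  File.delete(tmp) if tmp && File.exist?(tmp)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    key = File.join(dir, 'host.pem')
    # Constructed sample values: placeholder content, mode and account names.
    applied = save_ssl_file(key, "PLACEHOLDER KEY MATERIAL\n",
                            mode: 0o640, user: 'puppet', group: 'puppet')
    printf("owner applied: %p, mode: %04o\n", applied, File.stat(key).mode & 0o777)
  end
end
```

Creating the temporary file with the final mode and renaming it into place means the key is never readable under a wider mode, even when an older copy of the file had one.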

            People

            Assignee:
            josh Josh Cooper
            Reporter:
            josh Josh Cooper