Puppet / PUP-9812

With "root" account, Puppet "ssh_authorized_keys" create file "authorized_keys" & change the owner & group


    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Types and Providers
    • Labels:
      None
    • Environment:

      This case is tested with:

      PE: 2018.1.x v
      OS: RHEL 6.9 and Centos 7.0

    • Template:
    • QA Risk Assessment:
      Needs Assessment

      Description

      ssh_authorized_key { 'everetv@magpie.example.com':
        ensure => present,
        user   => 'everetv',
        type   => 'ssh-rsa',
        key    => 'AAAAB3Nza[...]qXfdaQ==',
        target => '/opt/sysadm/etc/ssh_keys/everetv/authorized_keys',
      }
      

      By default, in this example, the resource type "ssh_authorized_key" looks for the file "authorized_keys" owned by the specific user "everetv" inside the directory "/opt/sysadm/etc/ssh_keys/everetv/". In the secure environment, this file can't be created as a specific user, and the run ends with the following error:

      Error: /Stage[main]/Main/Ssh_authorized_key[everetv@magpie.example.com]: Could not evaluate: Permission denied @ dir_s_mkdir - /opt/sysadm/etc/ssh_keys/everetv 
      

      When the agent service runs as root, there should be a feature to create the key file and change its owner and group as per the properties given while defining the resource.

      This feature will be very handy to deal with the security requirement of the organization where the "non-root" account is not permitted to create the files.

      This case is raised in connection with customer ticket "https://puppetlabs.zendesk.com/agent/tickets/35293"
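
One way to get this result with the existing types, shown as an added example that is not part of the original ticket or Puppet's own code: the root-run agent pre-creates the key directory with a `file` resource and hands it to the user, so the `ssh_authorized_key` provider, which writes the target as that user, no longer has to create the directory itself. The group name, the modes, and an existing parent directory that the user can traverse are assumptions.

```puppet
# Added example. User, key and path are taken from the ticket;
# group, modes and the parent directory are assumptions.
$key_dir = '/opt/sysadm/etc/ssh_keys/everetv'

# Applied by the agent running as root: create the per-user directory
# and set its ownership so the user, and nobody else, can write inside it.
# Assumes /opt/sysadm/etc/ssh_keys already exists and is traversable
# (execute bit) by 'everetv'.
file { $key_dir:
  ensure => directory,
  owner  => 'everetv',
  group  => 'everetv',  # assumption: primary group named after the user
  mode   => '0700',
}

# The provider switches to 'everetv' before touching the target, so the
# directory must be in place (and owned by that user) first.
ssh_authorized_key { 'everetv@magpie.example.com':
  ensure  => present,
  user    => 'everetv',
  type    => 'ssh-rsa',
  key     => 'AAAAB3Nza[...]qXfdaQ==',  # elided in the ticket, kept as-is
  target  => "${key_dir}/authorized_keys",
  require => File[$key_dir],
}
```

This still leaves the key file writable by its owner, so it does not fit a policy that requires root-owned key files.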

              People

              Assignee:
              Unassigned
              Reporter:
              Maheswaran Shanmugam (maheswaran)
