-
Type:
New Feature
-
Status: Closed
-
Priority:
Major
-
Resolution: Won't Do
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Types and Providers
-
Labels:None
-
Environment:
This case is tested with:
PE: 2018.1.x v
OS: RHEL 6.9 and Centos 7.0
-
Template:customfield_10700 314737
-
QA Risk Assessment:Needs Assessment
ssh_authorized_key { 'everetv@magpie.example.com': |
ensure => present, |
user => 'everetv', |
type => 'ssh-rsa', |
key => 'AAAAB3Nza[...]qXfdaQ==', |
target => '/opt/sysadm/etc/ssh_keys/everetv/authorized_keys', |
}
|
By default, in this example, the resource type "ssh_authorized_key" looks for the file "authorized_keys" owned by the specific user "everetv" inside the directory "/opt/sysadm/etc/ssh_keys/everetv/". In the secure environment, this file can't be created as a specific user and end with following error.
Error: /Stage[main]/Main/Ssh_authorized_key[everetv@magpie.example.com]: Could not evaluate: Permission denied @ dir_s_mkdir - /opt/sysadm/etc/ssh_keys/everetv
|
Running agent service as root, there should be a feature to create the key file and change an owner and group as per property is given while defining the resource.
This feature will be very handy to deal with the security requirement of the organization where the "non-root" account is not permitted to create the files.
This case is raised in connection with customer ticket "https://puppetlabs.zendesk.com/agent/tickets/35293"
- is duplicated by
-
MODULES-9578 sshkeys_core : Cannot create ssh_authorized_key file in custom directory.
-
- Resolved
-
