[PUP-4434] File type can't only use setgid for directory, and skip over files Created: 2015/04/17 Updated: 2017/01/30 Resolved: 2017/01/30
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
(Note, this was manually copied from a redmine ticket)
Given a directory:
You may wish to recursively ensure a certain mode such as: u=rw,g=r As you all know, this cleverly adds +x to directories, but not to files. (good!) You may also decide that you’d like to setgid (+s) for the directory…
… but NOT for it’s contents. These two semantics are very different, since setgid for a directory, ensures new files/dirs have the group you want, however adding this to an executable file can be quite dangerous!
You can’t do this:
because that’s a duplicate definition. So: by default, I think:
I marked this as high, because I think the current behaviour is very dangerous.
I stumbled upon this problem when I realized setgid is a useful property to add to /etc/puppet/, but not for /etc/puppet/files/*
|Comment by Lee Lowder [ 2015/04/17 ]|
https://projects.puppetlabs.com/issues/20001 (original ticket)
|Comment by Eric Sorenson [ 2017/01/30 ]|
Gonna mark this as closed/wont'fix since it is quite a rare issue and there is a valid workaround.