[PUP-9398] Race condition exists when cron resource specified but cron is not installed and gets installed by puppet Created: 2019/01/04  Updated: 2019/01/07

Status: Accepted
Project: Puppet
Component/s: None
Affects Version/s: PUP 5.3.6, PUP 6.1.0
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Joseph Marcelletti Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: cron, linux, type_and_provider
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template: PUP Bug Template
Team: Platform OS
Method Found: Needs Assessment
QA Risk Assessment: Needs Assessment

 Description   

Puppet Version: All tested (latest)
Puppet Server Version: 4, 5, 6.1.0
OS Name/Version: Centos 6/7

When a system does not have a cron handler installed, but the manifest installs cron and then installs a cron entry for a user, the cron entry will NOT get added to the user but instead to root. If you run again it will install for the user. This is obviously not intended and can potentially create a security risk (as cronjobs will run as root unintended). More importantly, it breaks stuff.

Here is a sample that you can replace your site.pp with and run against an agent to reproduce:

# Make sure cronie is NOT installed (or any cron provider) for the sample race condition.
package { 'cronie':
  ensure => installed,
}
 
cron { 'race_condition_test':
  ensure => present,
  user => 'nobody', # This can be any user as long as they exist.
  minute => '*/30',
  command => '/bin/false',
  require => Package['cronie'],
}

The first time you run this it will install cronie, and install this crontab under root.
Every time you run after it will install / verify the cron entry exists for the user 'nobody'.

 


Generated at Wed Nov 20 22:22:14 PST 2019 using JIRA 7.7.1#77002-sha1:e75ca93d5574d9409c0630b81c894d9065296414.