Puppet users - Jan 2007 - Default directory permissions

Hello,

What is the justification for having both /var/run/puppet and
/var/lib/puppet/state both world writable and sticky?

Thank you,

-- Rob --




 
____________________________________________________________________________________
Any questions? Get answers on any topic at www.Answers.yahoo.com.  Try it now.

_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On Jan 29, 2007, at 8:31 AM, Robert Mombro wrote:
> Hello,
>
> What is the justification for having both /var/run/puppet and /var/ 
> lib/puppet/state both world writable and sticky?
The run dir needs to be writeable by both root and the
''puppet'' user,
which could probably be accomplished by without the sticky bit, I  
suppose.  Mostly, I did it that way because the run directories I was  
familiar with all had 1777 set, just like /tmp, and I foolishly  
assumed everyone else did the same thing.

As to the statedir, it''s (again) done that way because both puppetd  
and puppetmasterd need write access.  It''s probably sufficient to  
switch to the directory being owned by the puppet user with more  
restrictive modes, since root will always be able to write there.

Please open a bug if you would like this fixed.  It''s a small fix,  
but there''s a bit of testing to do.  Go ahead and set the milestone  
to kermit.

  --
  The covers of this book are too far apart.      -- Ambrose Bierce
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com