Adam Heinz
2012-Apr-17 15:42 UTC
[Puppet Users] file type with links => follow uses wrong permissions if not explicit
I think I''ve hit a minor permissions bug using
puppet-2.6.13-2.el6.noarch from EPEL on CentOS 6. In order to
reproduce production bugs on a test environment, I use puppet to copy
the latest backup to a test server, followed by the remainder of the
puppet-driven configuration necessary. I just started using symlinks,
so I added links => follow to the file type.
File {
group => root,
owner => root,
}
file { "/var/lib/mysql/backups/current.sql.gz":
backup => false,
links => follow,
source => "puppet:///files/backups/current.sql.gz",
}
When I kicked puppet on the test machine, it set the file permissions
to the permissions of the link itself, not the file the link pointed
to.
Apr 17 10:55:37 test1 puppet-agent[1807]:
(/Stage[main]/Testserver/File[/var/lib/mysql/backups/current.sql.gz]/mode)
mode changed ''644'' to ''777''
So the obvious workaround is to explicitly set the permissions on the
file type, instead of relying on puppet to preserve the permissions of
the source file.
puppetmaster # ls -l /var/lib/mysql/backups
-rw-r--r-- 1 root root 4330512 Apr 17 00:22 2012-04-17.sql.gz
lrwxrwxrwx 1 root root 14 Apr 17 10:45 current.sql.gz ->
2012-04-17.sql.gz
Put in a bug for this? (I don''t currently appear to have permissions
to do so.)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2012-Apr-18 12:59 UTC
[Puppet Users] Re: file type with links => follow uses wrong permissions if not explicit
On Apr 17, 10:42 am, Adam Heinz <a...@metricwise.net> wrote:> I think I''ve hit a minor permissions bug using > puppet-2.6.13-2.el6.noarch from EPEL on CentOS 6. In order to > reproduce production bugs on a test environment, I use puppet to copy > the latest backup to a test server, followed by the remainder of the > puppet-driven configuration necessary. I just started using symlinks, > so I added links => follow to the file type. > > File { > group => root, > owner => root, > > } > > file { "/var/lib/mysql/backups/current.sql.gz": > backup => false, > links => follow, > source => "puppet:///files/backups/current.sql.gz", > } > > When I kicked puppet on the test machine, it set the file permissions > to the permissions of the link itself, not the file the link pointed > to. > > Apr 17 10:55:37 test1 puppet-agent[1807]: > (/Stage[main]/Testserver/File[/var/lib/mysql/backups/current.sql.gz]/mode) > mode changed ''644'' to ''777'' > > So the obvious workaround is to explicitly set the permissions on the > file type, instead of relying on puppet to preserve the permissions of > the source file. > > puppetmaster # ls -l /var/lib/mysql/backups > -rw-r--r-- 1 root root 4330512 Apr 17 00:22 2012-04-17.sql.gz > lrwxrwxrwx 1 root root 14 Apr 17 10:45 current.sql.gz -> 2012-04-17.sql.gz > > Put in a bug for this? (I don''t currently appear to have permissions to do so.)At minimum the documentation should be improved here, so I would suggest you file a ticket. Puppet does not document what mode is applied when the manifest does not specify one, however, so I wouldn''t characterize this as a bug per se. Nevertheless, the behavior you expected would be reasonable, and perhaps a feature request on this subject would be accepted. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Adam Heinz
2012-Apr-18 18:28 UTC
Re: [Puppet Users] Re: file type with links => follow uses wrong permissions if not explicit
Ticket filed. http://projects.puppetlabs.com/issues/14066 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.