Hi Everyone; Why does running "puppet resource" require root/sudo access? Is it supposed to be this way or do I have a permissions issue? I installed using the gzip files... Thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Douglas Brancaglion
2012-Jun-26 00:29 UTC
Re: [Puppet Users] Puppet commands require root access
use sudo command in exec, no problem, but you need to configure sudoers file. 2012/6/25 Worker Bee <beeworker08@gmail.com>> Hi Everyone; > > Why does running "puppet resource" require root/sudo access? Is it > supposed to be this way or do I have a permissions issue? > I installed using the gzip files... > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. >-- Douglas Brancaglion Security Analist -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Of course giving someone ''sudo puppet'' is the same as giving them full root access. Just be aware of that. On Monday, June 25, 2012, Douglas Brancaglion wrote:> use sudo command in exec, no problem, but you need to configure sudoers > file. > > 2012/6/25 Worker Bee <beeworker08@gmail.com <javascript:_e({}, ''cvml'', > ''beeworker08@gmail.com'');>> > >> Hi Everyone; >> >> Why does running "puppet resource" require root/sudo access? Is it >> supposed to be this way or do I have a permissions issue? >> I installed using the gzip files... >> >> Thanks! >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com<javascript:_e({}, ''cvml'', ''puppet-users@googlegroups.com'');> >> . >> To unsubscribe from this group, send email to >> puppet-users+unsubscribe@googlegroups.com <javascript:_e({}, ''cvml'', >> ''puppet-users%2Bunsubscribe@googlegroups.com'');>. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > > > -- > Douglas Brancaglion > Security Analist > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com<javascript:_e({}, ''cvml'', ''puppet-users@googlegroups.com'');> > . > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com <javascript:_e({}, ''cvml'', > ''puppet-users%2Bunsubscribe@googlegroups.com'');>. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. >-- twitter: @procnetdev -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Monday, June 25, 2012 4:46:39 PM UTC-5, Worker Bee wrote:> > Why does running "puppet resource" require root/sudo access? Is it > supposed to be this way or do I have a permissions issue? > I installed using the gzip files... >I guess in principle it''s for the same reason that the agent needs to run with root privilege: it otherwise doesn''t have sufficient access to do its job. In practice, I can''t think of very many things I would expect ''puppet resource'' to be able to find out that are actually privileged, at least on the systems I''m familiar with. There are a few, however, including system passwords (hashes) and service statuses. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/WIs11BnU8GUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Stefan Schulte
2012-Jun-26 17:50 UTC
Re: [Puppet Users] Puppet commands require root access
On Mon, Jun 25, 2012 at 05:46:39PM -0400, Worker Bee wrote:> Hi Everyone; > > Why does running "puppet resource" require root/sudo access? Is it > supposed to be this way or do I have a permissions issue? > I installed using the gzip files... > > Thanks! >puppet resource doesnt necessarily require root access. E.g. running »puppet resource group« should show you present groups and it should work as a normal user. Like: % puppet resource group wheel group { ''wheel'': ensure => ''present'', gid => ''10'', } Just note that »puppet resource some_resource_type« needs a suitable provider for the type. Most of the providers specify a few files that have to be executable by the user that is running puppet. The »groupadd« provider e.g. requires the commands "groupadd", "groupdel" and "groupmod". If your unprivileged user doesnt have these commands in $PATH or doesn''t have access rights (I guess ubuntoo ships these commands with mode 0700) puppet will not work. -Stefan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.