Bug 495096
| Summary: | puppet SPEC file defines improper modes for some directories | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jim Pirzyk <jim+redhat> |
| Component: | puppet | Assignee: | Todd Zullinger <tmz> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 11 | CC: | cochranb, k.georgiou, opensource, tmz, vanmeeuwen+fedora |
| Hardware: | All | ||
| OS: | Linux | ||
| Fixed In Version: | 0.24.8-4.el4 | Doc Type: | Bug Fix |
| Last Closed: | 2009-09-11 23:24:20 UTC | Type: | --- |
Description
Jim Pirzyk
2009-04-09 18:11:49 UTC
Reproducible in puppet-0.24.8-1.fc10

I think the proper solution for us is to avoid the 1777 mode on /var/run/puppet. We know that it's owned by puppet and that user will be present due to our packaging, so the 1777 really doesn't make sense for us, AFAICT. (Please correct me if I'm wrong!) I'll talk to upstream and see if we can't patch things in a way that works for all concerned and avoid resetting the mode on /var/run/puppet. If that's not possible, we can patch the puppet defaults.rb locally as a last resort.

I think it's puppetmasterd that resets the mode on /var/log/puppet, as I couldn't reproduce this using only puppetd. But either way, tightening the permissions shouldn't cause any harm, so we can correct the spec file and not cause the rpm verification problem in the future.

This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

We can actually describe the permissions we need on /var/run/puppet/ in the %files section, and in defaults.rb by just changing the default. I'm going to do that now, bearing in mind that we do need to contact upstream on whether install.rb can be fixed in this regard. I've set it to mode 0755 to enable 'other' users to read the pid file. Continuing this conversation upstream seems like the best thing to do right now, but let's not hold back our solution to this problem.

I have talked with upstream and I believe our best course of action is to patch the puppet defaults.rb to avoid setting such loose perms on /var/run/puppet. I've just been sidetracked with other things the past week or two and have not had time to follow up on this. Unless there is a rush, I'll work on finishing the small patch and adding it to rawhide in the next week.

Upstream (well, Luke) is alright with this, as the reasons for setting 1777 perms on /var/run/puppet are a bit sticky (pun intended). /me is doing this right now, using 0755 for /var/run/puppet/ by means of a tiny patch changing the default, so that we can continue talking to upstream about the exact right solution without as much pressure.

Good deal. Are you planning to also include something like this to fix the log dir?
-install -d -m0755 %{buildroot}%{_localstatedir}/log/puppet
+install -d -m0750 %{buildroot}%{_localstatedir}/log/puppet
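Review bot: The added `install -d -m0750` line sets only the mode, not the owner or group, and once 'other' access is dropped the group on %{_localstatedir}/log/puppet decides who can still read the logs. Check that the %files entry for this directory carries a matching %attr with 0750 and the intended owner and group, so the packaged metadata and the buildroot agree. Also confirm that 0750 is what puppetmasterd applies at runtime, since the thread notes it resets the mode on this directory and a mismatch would bring the rpm verification failure back.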
That looked cleaner to me than putting it in %files, but either way should work.
puppet-0.24.8-4.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/puppet-0.24.8-4.fc10

puppet-0.24.8-4.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/puppet-0.24.8-4.el5

puppet-0.24.8-4.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/puppet-0.24.8-4.fc11

puppet-0.24.8-4.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/puppet-0.24.8-4.el4

puppet-0.24.8-4.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update puppet'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0262

puppet-0.24.8-4.el4 has been pushed to the Fedora EPEL 4 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update puppet'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-4/FEDORA-EPEL-2009-0253

puppet-0.24.8-4.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update puppet'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8477

puppet-0.24.8-4.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update puppet'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-8494

puppet-0.24.8-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.

puppet-0.24.8-4.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.

puppet-0.24.8-4.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

puppet-0.24.8-4.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
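To confirm on a host that the directories discussed in this report carry the tightened modes (0755 for /var/run/puppet, 0750 for /var/log/puppet), the following check can be run after updating. It is an added example, not part of the bug report or the puppet package; the function names and the ROOT argument are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: compare directory modes with the modes named in this report
# and flag any directory that is still writable by "other".

# check_mode PATH EXPECTED_OCTAL
# Prints findings; returns 0 if the mode matches and "other" cannot write,
# 1 on any finding, 2 if PATH is not a directory.
check_mode() {
    path=$1
    want=$2
    [ -d "$path" ] || { echo "MISSING $path"; return 2; }
    have=$(stat -c '%a' "$path")      # GNU stat prints e.g. 755 or 1777
    rc=0
    # A leading 0 makes the shell read both values as octal, so 755 == 0755.
    if [ $((0$have)) -ne $((0$want)) ]; then
        echo "MODE $path is $have, expected $want"
        rc=1
    fi
    # 0002 is the "other" write bit; 1777 has it set despite the sticky bit.
    if [ $((0$have & 0002)) -ne 0 ]; then
        echo "WORLD-WRITABLE $path ($have)"
        rc=1
    fi
    return $rc
}

# audit_puppet_dirs ROOT
# ROOT is a hypothetical prefix: "" for the live system, or a scratch tree.
audit_puppet_dirs() {
    root=$1
    status=0
    check_mode "$root/var/run/puppet" 0755 || status=1
    check_mode "$root/var/log/puppet" 0750 || status=1
    return $status
}

# Run against the prefix given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_puppet_dirs "$1"
fi
```

On a packaged system, `rpm -V puppet` reports the same drift from the package's point of view; this check additionally calls out the world-writable bit.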