Bug 495096 - puppet SPEC file defines improper modes for some directories
Summary: puppet SPEC file defines improper modes for some directories
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: puppet
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Todd Zullinger
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-04-09 18:11 UTC by Jim Pirzyk
Modified: 2009-09-12 17:53 UTC (History)
5 users (show)

Fixed In Version: 0.24.8-4.el4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-11 23:24:20 UTC
Type: ---


Attachments (Terms of Use)

Description Jim Pirzyk 2009-04-09 18:11:49 UTC
Description of problem:

puppet needs the mode of /var/log/puppet to be 750 and /var/run/puppet to be 1755, the spec files installs these directories as 755.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install puppet RPM, note directory modes
2. Run puppetd
3. run rpm --check puppet 
  
Actual results:


Expected results:


Additional info:

Comment 1 Till Maas 2009-05-27 15:03:23 UTC
Reproducable in puppet-0.24.8-1.fc10

Comment 2 Todd Zullinger 2009-05-29 15:59:58 UTC
I think the proper solution for us it to avoid the 1777 mode on /var/run/puppet.  We know that it's owned by puppet and that user will be present due to our packaging, so the 1777 really doesn't make sense for us, AFAICT.  (Please correct me if I'm wrong!)

I'll talk to upstream and see if we can't patch things in a way that works for all concerned and avoid resetting the mode on /var/run/puppet.  If that's not possible, we can patch the puppet defaults.rb locally as a last resort.

I think it's puppetmasterd that resets the mode on /var/log/puppet, as I couldn't reproduce this using only puppetd.  But either way, tightening the permissions shouldn't cause any harm, so we can correct the spec file and not cause the rpm verification problem in the future.

Comment 3 Bug Zapper 2009-06-09 13:33:50 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 4 Jeroen van Meeuwen 2009-06-24 13:23:33 UTC
We can actually describe the permissions we need on /var/run/puppet/ in the %files section, and in defaults.rb by just changing the default.

I'm going to do that now, bearing in mind that we do need to contact upstream on whether install.rb can be fixed in this regard. I've set it to mode 0755 to enable 'other' users to read the pid file.

Continuing this conversation upstream seems like the best thing to do right now, but let's not hold back our solution to this problem.

Comment 5 Todd Zullinger 2009-06-24 13:38:19 UTC
I have talked with upstream and I believe our best course of action is to patch the puppet defaults.rb to avoid setting such loose perms on /var/run/puppet.  I've just been sidetracked with other things the past week or two and have not had time to follow up on this.  Unless there is a rush, I'll work on finishing the small patch and adding it to rawhide in the next week.  Upstream (well, Luke) is alright with this, as the reasons for setting 1777 perms on /var/run/puppet are a bit sticky (pun intended).

Comment 6 Jeroen van Meeuwen 2009-06-24 14:09:16 UTC
/me is doing this right now, using 0755 for /var/run/puppet/ by means of a tiny patch changing the default, so that we can continue talking to upstream about the exact right solution without as much pressure.

Comment 7 Todd Zullinger 2009-06-24 14:19:39 UTC
Good deal.  Are you planning to also include something like this to fix the log dir?

-install -d -m0755 %{buildroot}%{_localstatedir}/log/puppet
+install -d -m0750 %{buildroot}%{_localstatedir}/log/puppet

That looked cleaner to me than putting it in %files, but either way should work.

Comment 8 Fedora Update System 2009-08-10 15:04:12 UTC
puppet-0.24.8-4.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/puppet-0.24.8-4.fc10

Comment 9 Fedora Update System 2009-08-10 15:04:37 UTC
puppet-0.24.8-4.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/puppet-0.24.8-4.el5

Comment 10 Fedora Update System 2009-08-10 15:05:01 UTC
puppet-0.24.8-4.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/puppet-0.24.8-4.fc11

Comment 11 Fedora Update System 2009-08-10 15:05:26 UTC
puppet-0.24.8-4.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/puppet-0.24.8-4.el4

Comment 12 Fedora Update System 2009-08-11 20:36:55 UTC
puppet-0.24.8-4.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update puppet'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0262

Comment 13 Fedora Update System 2009-08-11 20:37:26 UTC
puppet-0.24.8-4.el4 has been pushed to the Fedora EPEL 4 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update puppet'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-4/FEDORA-EPEL-2009-0253

Comment 14 Fedora Update System 2009-08-11 22:33:53 UTC
puppet-0.24.8-4.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update puppet'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8477

Comment 15 Fedora Update System 2009-08-11 22:38:19 UTC
puppet-0.24.8-4.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update puppet'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-8494

Comment 16 Fedora Update System 2009-09-11 23:23:51 UTC
puppet-0.24.8-4.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2009-09-11 23:36:39 UTC
puppet-0.24.8-4.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2009-09-12 17:51:59 UTC
puppet-0.24.8-4.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2009-09-12 17:53:33 UTC
puppet-0.24.8-4.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.