Puppet: System Administration Automated

Ticket #977 (closed defect: fixed)

Opened 8 months ago

Last modified 8 months ago

Directory ownership of /var/puppet/run

Reported by: jamtur01
Assigned to: jamtur01
Priority: normal
Milestone:
Component: server
Version: 0.24.1
Severity: normal
Keywords: rundir permissions
Cc:
Triage Stage: Ready for checkin
Attached Patches:
Code Complexity: Trivial

Description

Puppet 0.24.1 creates the /var/puppet/run directory (or whatever rundir is) owned by the root user and group. Puppet master tries to start and, I presume, tries to write the .pid file as the puppet user. It fails with a permission denied error. I've written a very simple patch to update defaults.rb to set the rundir directory with the puppet user and group and appropriate permissions. It's in my repo at git://wormwood.lovedthanlost.net/puppet.git

Change History

12/31/07 23:47:34 changed by jamtur01

  • owner changed from community to luke.
  • complexity changed from Unknown to Trivial.
  • stage changed from Unreviewed to Ready for checkin.

Commit is:

commit 594a5a3522a653ac0d2ddd6217c66c056fad1b60

12/31/07 23:50:05 changed by jamtur01

  • owner changed from luke to jamtur01.
  • status changed from new to assigned.

01/01/08 02:01:53 changed by jamtur01

I checked configuration.rb in 0.23.2. It sets rundir to 01777. This is dropped in defaults.rb in 0.24.1.

The choices become:

first vardir: if user !=0 and process !=puppetmasterd then .puppet/var else /var/puppet

then rundir: if user=0 and process = puppetd/puppetmasterd then /var/run/puppet else $vardir/run

So I can see issues with setting /var/run/puppet or /var/puppet/run to 01777. But is setting either to be owned by the puppet user such a bad idea? Up to you, obviously, or we can do something Debian-specific.
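
The directory selection and the ownership/mode trade-off from the comment above, as an added Ruby example that is not part of the ticket or of Puppet's own code. The function names are hypothetical; uid/gid 52 for the puppet account and mode 0755 for the root-owned directory are constructed sample values.

```ruby
# Added illustration, not Puppet source. Names and sample ids are hypothetical.

# vardir/rundir selection exactly as the ticket comment states it.
def choose_dirs(uid, process)
  vardir = uid != 0 && process != 'puppetmasterd' ? '.puppet/var' : '/var/puppet'
  daemon = %w[puppetd puppetmasterd].include?(process)
  rundir = uid == 0 && daemon ? '/var/run/puppet' : "#{vardir}/run"
  { vardir: vardir, rundir: rundir }
end

# Can the service account create its pid file in a directory with this
# owner and mode, and can other local users write there as well?
def audit_rundir(mode, owner_uid, owner_gid, svc_uid, svc_gid)
  perms = mode & 0o7777
  # POSIX checks exactly one permission class: owner, else group, else other.
  bits = if owner_uid == svc_uid then (perms >> 6) & 7
         elsif owner_gid == svc_gid then (perms >> 3) & 7
         else perms & 7
         end
  findings = []
  # Creating a file needs write + search (w+x) on the directory; uid 0 bypasses.
  findings << :service_cannot_write_pidfile unless svc_uid == 0 || (bits & 3) == 3
  if (perms & 0o002) != 0
    # Any local user can create files next to the pid file.
    findings << :world_writable
    # Without the sticky bit they can also remove or rename other users' files.
    findings << :no_sticky_bit if (perms & 0o1000) == 0
  end
  findings
end

# Same audit against a directory on disk.
def audit_path(path, svc_uid, svc_gid)
  st = File.stat(path)
  audit_rundir(st.mode, st.uid, st.gid, svc_uid, svc_gid)
end

if __FILE__ == $PROGRAM_NAME
  puppet = 52 # constructed uid/gid for the puppet account
  { 'root:root 0755 (assumed mode)' => [0o755, 0, 0],
    'puppet:puppet 01777' => [0o1777, puppet, puppet],
    'puppet:puppet 0750' => [0o750, puppet, puppet] }.each do |label, (mode, uid, gid)|
    puts "#{label}: #{audit_rundir(mode, uid, gid, puppet, puppet).inspect}"
  end
end
```
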

01/19/08 20:47:29 changed by luke

  • status changed from assigned to closed.
  • resolution set to fixed.

Fixed, although I couldn't use the commit mentioned because it used the mode 0750, and it was reverted from the master branch and not found anywhere else.