On Wed, 2011-06-01 at 01:15 -0700, Patrick wrote: > On May 31, 2011, at 10:59 PM, Luke Kanies wrote: > > > On May 27, 2011, at 12:44 AM, Brice Figureau wrote: > > > >> Then to the second issue, it seems the the FileSetting only allow either > >> "root" or "service" as owner and group. That means my aforementioned > >> example wouldn't even work. Since the agent usually run as root, it > >> should be able to set different owners. > >> Was it done like this by design, or is it a bug I should first target? > > > > Sorry; I commented on your patch instead of here. > > > > This was done intentionally, because it dramatically simplifies all of the > > code involved, and because I literally couldn't find a single case where > > the user was set to anything other than root or $user. > > > > Given that you could make it world readable or some equivalent, this seems > > like a large change in functionality that has very limited utility. > > I'll admit that I can't understand why someone would want to change > the owner or group, but I would consider making the file > world-readable a bad idea if the storeconfigs password is in the file > in clear-text.
Sorry if I wasn't clear, but I'm not talking about configuration files of any kind. I'm talking about files generated by puppet and consummed by other actors (in our specific case the lastrunfile). The FileSetting above is an object handling configuration settings of file or directories managed by puppet (like $vardir or ssl files). It supports a special configuration that allows the user to specify a different mode, owner and group... Except that changing owner and group is pretty limited: your only choices are "root" or the "service user". -- Brice Figureau Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to puppet-dev@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
