Hi > That is a major security issue. I cannot recommend Puppet to my > clients if I get different results on my filesystem than from my > manifest. > > Is there a consistent culture or policy in the Puppet community to > override explicit security configurations? It must be explicitly > avoided in an audit, if that's the case. If there is no policy, > perhaps we should define one?
the only existing culture is that for file resources directories automatically get the execute bit. I don't yet see why you'd like to have a directory without the execute flag set, maybe you can explain? This "feature" is one side very helpfull if you have recursive directories to manage, maybe you know the other side where it isn't that helpfull. Could you outline what you'd like to have in this policy. Not explicitly for this question you raised but more in general. Maybe it's indeed interesting to have one. cheers pete --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---