On 11.11.10 10:44, Markus Falb wrote:
> On 10.11.10 22:02, Douglas Garstang wrote:
> 
>> When no owner or group is specified for the file, the default owner and
>> group on the target system seem to default to the same as the owner and
>> group on the puppetmaster, if that user exists on the target system. I.e.,
>> all our files under /etc/puppet are owned by the puppet user, and if I
>> don't specify a user/group on a file, they end up being owned by puppet
>> on the target.
> 
> Yes, but only if the user puppet has the same uid/gid on both
> puppetmaster and target, and that's not a safe assumption.
> 

And even if the uids were in sync, you cannot safely assume that the
files on puppetmaster are owned by user puppet. I don't want puppetmaster
to be able to change manifests, it needs only read access. So I run
puppetmaster as user puppet, but the files belong to another user.
That's convenient in another way because if the manifests-owning user has
shell access you can edit the manifests in-place (development branch
only of course ;-)

-- 
Best Regards,
Markus Falb
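
A check for the setup described in the message above (puppetmaster can read the manifests but not change them), as an added example that is not part of the original thread. The function name `modifiable_by` and its reason strings are made up for illustration; it looks only at ownership and mode bits, not ACLs.

```python
import os
import stat
import sys


def modifiable_by(root, uid, gids=()):
    """List (path, reason) for entries under root that the account uid/gids
    can modify. Checks ownership and mode bits only; ACLs are not examined."""
    findings = []

    def check(path):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return  # a symlink's own mode bits are not meaningful
        if st.st_uid == uid:
            # An owner can always chmod the entry writable, whatever the mode is now.
            findings.append((path, "owned by account"))
        elif st.st_gid in gids:
            # Group class takes precedence over "other" for group members.
            if st.st_mode & stat.S_IWGRP:
                findings.append((path, "group-writable"))
        elif st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))

    check(root)  # a writable directory allows replacing the files inside it
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            check(os.path.join(dirpath, name))
    return findings


if __name__ == "__main__":
    import pwd
    # Defaults taken from the thread: user "puppet", tree /etc/puppet.
    user = sys.argv[1] if len(sys.argv) > 1 else "puppet"
    root = sys.argv[2] if len(sys.argv) > 2 else "/etc/puppet"
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    bad = modifiable_by(root, pw.pw_uid, gids)
    for path, reason in bad:
        print(f"{path}: {reason}")
    sys.exit(1 if bad else 0)
```

Run on the puppetmaster, it exits non-zero if the service account owns or can write to anything in the tree.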
