On Friday, February 8, 2013 6:56:55 AM UTC-6, nikolavp wrote:
>
> I have seen this issue for sure many times. I always forget this and when I see it while running with --noop, I change the owner and the group on the file resource. I am +1 on fixing this to have a more deterministic behaviour
>

It seems like a good idea, though to maintain backwards compatibility, would it be better to have the proposed fixed default to false (ie, maintain current behavior)?

> Best, Nikola
>
> On Thu, Feb 07, 2013 at 05:48:58PM -0800, Josh Cooper wrote:
> > Recently, the issue of copying file modes from remote sources was discussed on the puppet-users mailing list[1], although it equally applies to owner and group.
> >
> > One issue is what permissions to apply to newly created files when none are specified? Historically, Puppet has always copied the permissions from the file source to the newly created one. However, this causes problems on Windows[2] agents due to the way that Puppet emulates POSIX permissions. We break NTFS access control inheritance to ensure the effective permissions are not greater than what Puppet has granted. It also causes problems on *nix agents, when the files' source is remote and uid/gids are not synchronized.
> >
> > A second, but related issue, is that Puppet applies the same copy-permissions logic to files that already exist. This goes against what jcbollinger said, "unmanaged resources and resource properties should not be modified by Puppet"[3], and what Nigel said, "A core principle of Puppet is that you can choose to only manage the attributes of a resource that you care about, and can leave the rest unmanaged."[4] However, this "bug" has been around so long, at least 0.24.8, that we can't change behaviors in a minor release.[5]
> >
> > Patrick and I talked about this and would like to propose adding a file parameter, something like `use_source_permissions`. If true and permissions are unspecified, Puppet would continue copying source permissions as it does today, for both newly created and existing files. This would be the default.
> >
> > If false and permissions are unspecified, Puppet would never copy them from the source. Instead the permission defaults for newly created files would be based on the user that Puppet is running as. And the permissions for existing files would be unmodified.
> >
> > Doing so would provide a mechanism for resolving both #5240 and #18931.
> >
> > Comments and feedback welcome.
> >
> > Josh
> >
> > [1] https://groups.google.com/forum/#!msg/puppet-users/CI7pEUHknm4/x-hCGJn6Ms8J
> > [2] https://projects.puppetlabs.com/issues/18931
> > [3] https://groups.google.com/d/msg/puppet-users/CI7pEUHknm4/VtCl9YmeIS0J
> > [4] http://projects.puppetlabs.com/issues/5240#note-16
> > [5] https://projects.puppetlabs.com/issues/5240
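
An added example, not part of the thread and not Puppet's own code: a small Python check that flags `file` resources which set `source` but leave `owner`, `group` or `mode` unmanaged, which is the case where the behaviour described above copies those values from the source. The manifest, paths and function name are constructed for illustration, and the regex only handles simple resource bodies without nested braces.

```python
import re

# Constructed sample manifest (not from the thread): the first resource relies
# on permissions copied from its source, the second pins all three properties,
# the third has no source at all.
SAMPLE_MANIFEST = """
file { '/etc/app/app.conf':
  ensure => file,
  source => 'puppet:///modules/app/app.conf',
}

file { '/etc/app/secret.key':
  ensure => file,
  source => 'puppet:///modules/app/secret.key',
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
}

file { '/var/lib/app':
  ensure => directory,
}
"""

PERMISSION_PROPS = ("owner", "group", "mode")
# Assumption: only the simple `file { 'title': attr => value, ... }` form is
# matched; bodies with nested braces (hashes, selectors) are out of scope.
FILE_RESOURCE = re.compile(
    r"\bfile\s*\{\s*(['\"])(?P<title>.+?)\1\s*:(?P<body>[^{}]*)\}")
ATTRIBUTE = re.compile(r"\b(\w+)\s*=>")


def implicit_permission_resources(manifest):
    """Return {title: [unmanaged props]} for file resources that set `source`
    but do not manage owner, group or mode themselves."""
    findings = {}
    for match in FILE_RESOURCE.finditer(manifest):
        attrs = set(ATTRIBUTE.findall(match.group("body")))
        if "source" not in attrs:
            continue  # no source, so there is nothing to copy permissions from
        missing = [p for p in PERMISSION_PROPS if p not in attrs]
        if missing:
            findings[match.group("title")] = missing
    return findings


if __name__ == "__main__":
    for title, missing in implicit_permission_resources(SAMPLE_MANIFEST).items():
        print(f"{title}: {', '.join(missing)} not managed, taken from source")
```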