Package: puppet-common
Version: 3.7.0-1
I have a bunch of logcheck rules in /etc/logcheck/ignore.d.paranoid/mylogcheck,
served by puppet.
If I query puppet about it as root, I get this:
# puppet resource file /etc/logcheck/ignore.d.paranoid/mylogcheck
file { '/etc/logcheck/ignore.d.paranoid/mylogcheck':
ensure => 'file',
content => '{md5}88fc34cf0e49645dc5635ee44ec803a4',
ctime => '2014-09-13 13:12:13 +0200',
group => '116',
mode => '640',
mtime => '2014-09-13 13:12:13 +0200',
owner => '0',
type => 'file',
}
but if I query about it as a normal user, I get this:
$ puppet resource file /etc/logcheck/ignore.d.paranoid/mylogcheck
Warning: /File[/etc/logcheck/ignore.d.paranoid/mylogcheck]: Could not stat;
permission denied
file { '/etc/logcheck/ignore.d.paranoid/mylogcheck':
ensure => 'absent',
}
The ensure => 'absent' part is simply not true.
The "ignore.d.paranoid" directory above is root:logcheck and it has
"rwxr-s---" permissions, so the considered file may not even be
accessed.
It should be noted that puppet gives a proper error for files it can
access but not read. In fact, if I change "ignore.d.paranoid" to be
mode 755 and try again as a normal user, I get this instead:
$ puppet resource file /etc/logcheck/ignore.d.paranoid/mylogcheck
Error: Could not run: Could not read file
/etc/logcheck/ignore.d.paranoid/mylogcheck: Permission denied @ rb_sysopen -
/etc/logcheck/ignore.d.paranoid/mylogcheck
So, maybe this could be fixed by considering this case as an Error and
not as a Warning.
Thanks.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
