Skip to content

Set owner of server config.ini to root#358

Merged
bastelfreak merged 1 commit into
puppetlabs:mainfrom
ekohl:set-owner-to-root
Jul 31, 2023
Merged

Set owner of server config.ini to root#358
bastelfreak merged 1 commit into
puppetlabs:mainfrom
ekohl:set-owner-to-root

Conversation

@ekohl

@ekohl ekohl commented Sep 16, 2022

Copy link
Copy Markdown
Contributor

The puppetdb user doesn't need to write to the config (it's managed by Puppet after all) so setting the owner to root and using the group to only read is safer.

It is also closer to packaging, which ensures the owner is root after a package update. Ideally packaging would use the same group and mode as well so there isn't an event after a package update, but this change at least trims it down from 3 changes to 2.

@ekohl ekohl requested a review from a team as a code owner September 16, 2022 10:18
@puppet-community-rangefinder

Copy link
Copy Markdown

puppetdb::server::global is a class

that may have no external impact to Forge modules.

This module is declared in 33 of 579 indexed public Puppetfiles.


These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@ekohl

ekohl commented Sep 16, 2022

Copy link
Copy Markdown
Contributor Author

It is also closer to packaging, which ensures the owner is root after a package update. Ideally packaging would use the same group and mode as well so there isn't an event after a package update, but this change at least trims it down from 3 changes to 2.

Any idea where the RPM spec for this is so I can submit a PR?

The puppetdb user doesn't need to write to the config (it's managed by
Puppet after all) so setting the owner to root and using the group to
only read is safer.

It is also closer to packaging, which ensures the owner is root after a
package update. Ideally packaging would use the same group and mode as
well so there isn't an event after a package update, but this change at
least trims it down from 3 changes to 2.
@ekohl ekohl force-pushed the set-owner-to-root branch from bfe7799 to 010bf13 Compare July 31, 2023 08:43
@bastelfreak bastelfreak merged commit d34409b into puppetlabs:main Jul 31, 2023
@ekohl ekohl deleted the set-owner-to-root branch July 31, 2023 11:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants