Ask Your Question

puppet runs suddenly started to change file permission (without me doing anything like that)

asked 2013-05-07 10:27:35 -0500

Michael Siebert gravatar image

updated 2013-05-07 10:29:58 -0500

suddenly, puppet seems very fond of the idea that every file resource (which has no explicit mode option defined) should have a file permission of 0664 instead of 0644.

File[/etc/apt/sources.list.d/mariadb-5.5.list]/mode: current_value 0644, should be 0664

Of course, this is complete nonsense and even breaks stuff (e.g. mysql says "hey my config files should not be group-writable, go away!")

I can't find any reference to anything which could have triggered the change and even rolling back to a previous version didn't lead to a change.

Does anybody have an ... (more)

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2013-05-07 13:44:50 -0500

ramindk gravatar image

llowder suggestion is a good one. The other possibility is that files have changed permission on your master. Puppet by default uses the permission of the file on the master.

edit flag offensive delete link more



This happens to me quite a bit when I commit from both Windows and Linux. When I commit from a Windows box, the permissions of the file change in the ...(more)

Ancillas gravatar imageAncillas ( 2013-05-07 14:37:22 -0500 )edit

that's it! thanks ramindk! i'm not using windows at all but this sounds like an issue with my deploy script

Michael Siebert gravatar imageMichael Siebert ( 2013-05-07 15:00:47 -0500 )edit

This is why best practices in my opinion is to set owner, group, mode explicitly whenever possible.

ramindk gravatar imageramindk ( 2013-05-07 15:33:42 -0500 )edit

answered 2013-05-07 12:10:35 -0500

llowder gravatar image

My guess is that somewhere you have setup a resource default like:

File {
  mode => '0644',

And the scope of this default has been wider than what was anticipated. As you mentioned it being global, it is probably either in site.pp outside of a node def, or in an imported .pp (ie, import "nodes/*.pp" ) and outside of a node def.

File resources apply to the current scope, as well as any "sub scopes" that may exist.

edit flag offensive delete link more


That was my first guess, too but no luck here. It seemed to come out of nothing. Because of the scoping, I rarely use resource defaults

Michael Siebert gravatar imageMichael Siebert ( 2013-05-07 12:27:43 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2013-05-07 10:27:35 -0500

Seen: 789 times

Last updated: May 07 '13