File Ownership and Permissions when Master and Agent reside on the same node

asked 2014-08-17 12:03:00 -0600

Herr-Herner

I am running a puppet master and an agent on the same node, using the agent to manage the master itself. The master runs within Apache Passenger under user "puppet" as described here: https://docs.puppetlabs.com/guides/pa... . The agent runs under "root". Do you have any recommendations for setting up file ownership and permissions for puppet's directories like "/var/lib/puppet", "/etc/puppet" and "/usr/share/puppet"? Currently each puppet file in the three directories is owned by user "puppet", otherwise I am uncertain if things run properly. Are there any files which the agent creates and must be read by the master within the directory structure? Hopefully not, otherwise I am getting into trouble.


Comments

After some tests I realized that concat causes problems. I run an exec of `chown -R puppet:puppet`, which results in file ownership changing all the time from "puppet" to "root", because the concat files are owned by different users. I think we have to limit the files owned by "puppet" to the bare minimum.

Herr-Herner ( 2014-08-18 02:11:47 -0600 )