Ask Your Question
6

puppet agent running as unprivileged user

asked 2013-02-05 14:53:21 -0500

niranjan gravatar image

updated 2013-02-07 14:23:04 -0500

Hello friends,

I am working in a team where we do not get root/sudo access. I am finding it hard to configure Puppet agents because of the way the environments are setup. So here is the scenario:

  • Each host has multiple unprivileged user accounts; say 'user1', 'user2', 'user3'
  • Each user account owns a few applications (mostly Tomcat based) which needs to be managed by Puppet
  • On every host, there is an unprivileged user account (say 'pipeline'), which can sudo to all the user accounts (user1, user2, etc...)

Now I have to run Puppet agent on these hosts as an ... (more)

edit retag flag offensive close merge delete

2 answers

Sort by » oldest newest most voted
6

answered 2013-02-05 17:15:51 -0500

Stefan gravatar image

updated 2013-02-09 04:18:32 -0500

Puppet in general is not very good in running as a different user than root. You will probably stumble across different issues because providers in general will expect to run as root.

If you want to run puppet as an unpriviledged user you are mostly not able to change the environment a lot but it can still be used to detect if your current state is not the desired state. One thing that comes in handy is that facter will give you the id fact that represents the current user that is running puppet. So a basic manifest can look ... (more)

edit flag offensive delete link more

Comments

Unfortunately, there is just no way our team will get root/sudo access. So far, I had been successful in rolling out a puppet deployment without privileged access, as long ...(more)

niranjan gravatar imageniranjan ( 2013-02-07 14:12:23 -0500 )edit

Does the edited answer now solves your issue? I'm not quite sure if your main problem is now executing puppet with different users (e.g. certificate or permission problems ...(more)

Stefan gravatar imageStefan ( 2013-02-15 18:04:33 -0500 )edit

Hi Stefan, thanks for your answer. I understand what you are trying to convey. I have decided to run puppet agents under each user and they talk to dedicated masters ...(more)

niranjan gravatar imageniranjan ( 2013-02-21 19:52:22 -0500 )edit

This has been pending for quite a while now. Can a moderator accept the answer?

Ancillas gravatar imageAncillas ( 2013-02-28 11:19:33 -0500 )edit
0

answered 2013-02-05 15:54:00 -0500

llowder gravatar image

To run effectively, the puppet agent needs to be able to run with privileges, so that it can change file attributes, install packages start and stop services etc effectively.

That being said, it is possibly to run puppet unprivileged using "puppet apply" and by changing the startup scripts (these vary based on what OS you are using) that the daemon uses.

Unless you give all the files in question very permissive (and probably unsafely so) permissions, the agent will be severely limited in what it can do.

edit flag offensive delete link more

Comments

how do you allow a puppet agent to run with root access? I have been trying to figure that out. (note: I am a first year college student, please dumb ...(more)

swei gravatar imageswei ( 2013-07-08 18:06:04 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2013-02-05 14:53:21 -0500

Seen: 3,974 times

Last updated: Feb 09 '13