Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add umask option to package resource type #9419

Open
bobnegri opened this issue Jul 21, 2024 · 2 comments
Open

Add umask option to package resource type #9419

bobnegri opened this issue Jul 21, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@bobnegri
Copy link

Use Case

When the puppet agent runs in a scheduled manner under the puppet service on a Linux server, it uses umask 022 when it installs python modules and gems via the package resource type. When forced to run by sudo puppet agent --test, the python and gem packages get installed so that only root can use the packages. This is frustrating as the package then needs to be manually uninstalled, and then reinstalled being sure to set umask 022. This assumes the team member running the command even noticed there was an issue in the first place. Generally the issue appears when a GitLab Runner process begins to fail or another process begins to fail.

Describe the Solution You Would Like

I would like to see one of the following:

  • Resource type package uses umask 022 by default in the background, maybe for:
    • gem
    • pip, pip2, pip3
    • puppet_gem
    • puppetserver_gem

Or

  • Add attribute umask to resource type package

Describe Alternatives You've Considered

We currently use npwalker-recursive_file_permissions in our various Puppet modules based on server type and whether or not we are installing a gem or a python module.

Additional Context

N/A

@bobnegri bobnegri added the enhancement New feature or request label Jul 21, 2024
@AriaXLi
Copy link
Contributor

AriaXLi commented Oct 29, 2024

@bobnegri Thank you for opening this issue, would it be possible to check if this behavior is being caused by puppet or if it's being caused by running the python and gem commands? Thank you!

@bobnegri
Copy link
Author

I have no idea how I missed the question. Sorry.

I know from experience that running the commands as 'root', one has to add 'umask 022' before executing the pip install or gem install commands, otherwise only the 'root' user can use the newly installed/updated module.

As I mentioned, when the puppet service kicks of the puppet agent run on a Linux server, things seems to install with the correct permissions. The issue is when we manually force the puppet agent to run due to limited change implementation windows. (At my company, the puppet agent runs hourly.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants