From 1241fb2f62733b8b8b561f9746505f23cd81e3be Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 8 Jan 2016 12:12:07 +0100 Subject: [bug] Make /etc/leap world-readable Under jessie, leap-mx is started by systemd now, not as a forked proc by twistd anymore. Therefore leap-mx (the user the mx proc runs as) needs direct access to it's config file under /etc/leap/mx.conf. Before, twistd would start as root, read the config and then fork an mx proc as unprivileged leap-mx user. - Tested: [quetzal] - Resolves: #7782 --- puppet/modules/site_config/manifests/files.pp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/files.pp b/puppet/modules/site_config/manifests/files.pp index 684d3ad0..d2ef8a98 100644 --- a/puppet/modules/site_config/manifests/files.pp +++ b/puppet/modules/site_config/manifests/files.pp @@ -1,3 +1,4 @@ +# set up core leap files and directories class site_config::files { file { @@ -7,15 +8,15 @@ class site_config::files { group => 'root', mode => '0711'; - '/var/lib/leap': + [ '/etc/leap', '/var/lib/leap']: ensure => directory, - owner => root, + owner => 'root', group => 'root', mode => '0755'; '/var/log/leap': ensure => directory, - owner => root, + owner => 'root', group => 'adm', mode => '0750'; } -- cgit v1.2.3