diff options
author | Lienhart Woitok <lienhart.woitok@netlogix.de> | 2013-10-14 18:24:24 +0200 |
---|---|---|
committer | Lienhart Woitok <lienhart.woitok@netlogix.de> | 2013-10-14 18:29:36 +0200 |
commit | 53ab6b124272d9876b6f1b782c4fc38f791c56b8 (patch) | |
tree | e93ea52a40ac45d38186d4ef6e782b3d196cd5d3 /manifests/lens.pp | |
parent | 0c75e1584827e52c3af20d304a76111f37307c48 (diff) |
Ensure lenses are owned by root
This is necessary as lenses are fetched with file via puppet urls.
This leads to whoever ownes the files on the puppet master owns the
files on the node. This may lead to arbitrary users owning the lenses.
See http://projects.puppetlabs.com/issues/5240
Diffstat (limited to 'manifests/lens.pp')
-rw-r--r-- | manifests/lens.pp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/manifests/lens.pp b/manifests/lens.pp index ac4fddf..b299dc6 100644 --- a/manifests/lens.pp +++ b/manifests/lens.pp @@ -30,6 +30,12 @@ define augeas::lens ( fail('You must declare the augeas class before using augeas::lens') } + File { + owner => 'root', + group => 'root', + mode => '0644', + } + if (!$stock_since or versioncmp($::augeasversion, $stock_since) < 0) { validate_re( |