Ensure lenses are owned by root

This is necessary as lenses are fetched with file via puppet urls. This leads to whoever ownes the files on the puppet master owns the files on the node. This may lead to arbitrary users owning the lenses. See http://projects.puppetlabs.com/issues/5240
author: Lienhart Woitok <lienhart.woitok@netlogix.de> 2013-10-14 18:24:24 +0200
committer: Lienhart Woitok <lienhart.woitok@netlogix.de> 2013-10-14 18:29:36 +0200
commit: 53ab6b124272d9876b6f1b782c4fc38f791c56b8 (patch)
tree: e93ea52a40ac45d38186d4ef6e782b3d196cd5d3 /manifests
parent: 0c75e1584827e52c3af20d304a76111f37307c48 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/manifests/lens.pp b/manifests/lens.pp
index ac4fddf..b299dc6 100644
--- a/manifests/lens.pp
+++ b/manifests/lens.pp
@@ -30,6 +30,12 @@ define augeas::lens (
     fail('You must declare the augeas class before using augeas::lens')
   }
 
+  File {
+    owner => 'root',
+    group => 'root',
+    mode => '0644',
+  }
+
   if (!$stock_since or versioncmp($::augeasversion, $stock_since) < 0) {
 
     validate_re(
author	Lienhart Woitok <lienhart.woitok@netlogix.de>	2013-10-14 18:24:24 +0200
committer	Lienhart Woitok <lienhart.woitok@netlogix.de>	2013-10-14 18:29:36 +0200
commit	53ab6b124272d9876b6f1b782c4fc38f791c56b8 (patch)
tree	e93ea52a40ac45d38186d4ef6e782b3d196cd5d3 /manifests
parent	0c75e1584827e52c3af20d304a76111f37307c48 (diff)