From 53ab6b124272d9876b6f1b782c4fc38f791c56b8 Mon Sep 17 00:00:00 2001
From: Lienhart Woitok
Date: Mon, 14 Oct 2013 18:24:24 +0200
Subject: Ensure lenses are owned by root

This is necessary as lenses are fetched with file via puppet urls. This leads to whoever ownes the files on the puppet master owns the files on the node. This may lead to arbitrary users owning the lenses. See http://projects.puppetlabs.com/issues/5240
---
manifests/lens.pp | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'manifests')
diff --git a/manifests/lens.pp b/manifests/lens.pp
index ac4fddf..b299dc6 100644
--- a/manifests/lens.pp
+++ b/manifests/lens.pp
@@ -30,6 +30,12 @@ define augeas::lens (
 fail('You must declare the augeas class before using augeas::lens')
 }
+ File {
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ }
+
 if (!$stock_since or versioncmp($::augeasversion, $stock_since) < 0) {
 validate_re(
--
cgit v1.2.3
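Review bot: The `File { ... }` default added at the top of `augeas::lens` enforces root ownership only through scope, so the guarantee is not stated on the `file` resources that fetch the lenses from `puppet://` sources; those resources lie outside this hunk, as does the rest of the define body. On the Puppet releases current at the time of this commit, resource defaults are dynamically scoped, so they would also reach `file` resources in anything declared from inside this define, and any resource that sets its own `owner`, `group` or `mode` overrides them without notice. Setting `owner => 'root', group => 'root', mode => '0644',` directly on each `file` resource in the define would make the ownership explicit and keep it local. If the module is meant to run on platforms that have no group named `root`, `group => 0` is the safer value.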