From c80c781fa05f94ac1c8631e068af98a6839b0a4a Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 30 Aug 2014 13:17:55 +0200 Subject: do privilege drop properly within cron --- manifests/master/dashboard.pp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/manifests/master/dashboard.pp b/manifests/master/dashboard.pp index e3d56b5..4cbee12 100644 --- a/manifests/master/dashboard.pp +++ b/manifests/master/dashboard.pp @@ -46,11 +46,11 @@ class puppet::master::dashboard( file{'/etc/cron.daily/puppet-dashboard_cleanup': content => "#/bin/bash cd /usr/share/puppet-dashboard -RAILS_ENV=production /usr/bin/rake reports:prune upto=1 unit=mon >> /usr/share/puppet-dashboard/log/cron.log -RAILS_ENV=production /usr/bin/rake reports:prune:orphaned >> /usr/share/puppet-dashboard/log/cron.log -RAILS_ENV=production /usr/bin/rake db:raw:optimize >> /usr/share/puppet-dashboard/log/cron.log\n", - owner => 'puppet-dashboard', - group => 'puppet-dashboard', +su - puppet-dashboard -s /bin/bash -c 'RAILS_ENV=production /usr/bin/rake reports:prune upto=1 unit=mon >> /usr/share/puppet-dashboard/log/cron.log' +su - puppet-dashboard -s /bin/bash -c 'RAILS_ENV=production /usr/bin/rake reports:prune:orphaned >> /usr/share/puppet-dashboard/log/cron.log' +su - puppet-dashboard -s /bin/bash -c 'RAILS_ENV=production /usr/bin/rake db:raw:optimize >> /usr/share/puppet-dashboard/log/cron.log'\n", + owner => 'root', + group => 0, mode => '0755', require => Service['puppet-dashboard-workers']; } @@ -60,7 +60,8 @@ RAILS_ENV=production /usr/bin/rake db:raw:optimize >> /usr/share/puppet-dashboar Service['puppet-dashboard']{ ensure => running, enable => true, - subscribe => File['/usr/share/puppet-dashboard/config/database.yml','/usr/share/puppet-dashboard/config/settings.yml'], + subscribe => File['/usr/share/puppet-dashboard/config/database.yml', + '/usr/share/puppet-dashboard/config/settings.yml'], } } else { Service['puppet-dashboard']{ -- cgit v1.2.3