The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #14857

gid on files and directories don't change if group's gid is changed

Added by jist anidiot about 2 years ago. Updated almost 2 years ago.

Status: Needs More Information
Start date: 06/06/2012
Priority: Normal
Due date:
Assignee: jist anidiot
% Done: 0%
Category: -
Target version: -
Affected Puppet version: 2.7.12
Branch:
Keywords:


Description

Problem: Someone created a group on a RHEL 5 box manually (in my specific case it was in conjunction with a user). Puppet comes along and changes that group’s gid (as well as the uid for the user). However, all the files and directories that had that group do not get updated with the new gid (as an aside, the uid does seem to get changed). I would think a gid id change for a group should result in something similar to a uid change for a user.

History

#1 Updated by Stefan Schulte about 2 years ago

Puppet will already fix ownership/group membership of files that are managed with puppet (owner and group property). And in my opinion puppet should not try to correct already existing files that are not under puppet control. Let’s say you have mounted an NFS share with files owned by group foo. Now someone creates a group bar but accidentally with foo’s gid. If puppet now corrects the manually created group bar you don’t want to change the group on all files on NFS. This may not be an ideal example but I just want to point out that puppet running through the filesystem and changing ownerships may not always be what you want/expect.

It may only be safe to do that in the user’s home directory and in fact usermod -g/-u already does that for you (at least on Linux):

       -g, --gid GROUP
           The group name or number of the users new initial login group. The group must exist.

           Any file from the users home directory owned by the previous primary group of the user will be owned
           by this new group.

           The group ownership of files outside of the users home directory must be fixed manually.

So in my opinion changing gid/uid does always include manual intervention but I guess it is a valid request to show a warning message when puppet updates gid or uid that you have to fix ownership of files that you are not managing with puppet.

#2 Updated by Kelsey Hightower about 2 years ago

  • Status changed from Unreviewed to Needs More Information
  • Assignee set to jist anidiot

Stefan,

Thanks for the response!

Jist,

Does Stefan’s response seem reasonable to you?

#3 Updated by Bram Mertens almost 2 years ago

Hi,

I agree that puppet shouldn’t alter the ownership of files “just anywhere” on the file system but it should change the ownership in the user’s home directory.

On my Fedora 17 system running version 2.7.18, changing the user ID and group ID of one of my test accounts, the group ownership was not modified when puppet changed the UID and GID of an account.

[m8ram@lxde puppet]$ sudo find /home/thor/ -ls
2359297    4 drwx------   4 thor     thor         4096 Nov  1 14:18 /home/thor/
2359304    4 drwxr-xr-x   2 thor     thor         4096 Jan 14  2012 /home/thor/.gnome2
2359298    4 -rw-r--r--   1 thor     thor          124 Jul 24 10:38 /home/thor/.bashrc
2359299    4 -rw-r--r--   1 thor     thor           18 Jul 24 10:38 /home/thor/.bash_logout
2359301    4 drwxr-xr-x   4 thor     thor         4096 May 22 22:40 /home/thor/.mozilla
2359302    4 drwxr-xr-x   2 thor     thor         4096 Jan 14  2012 /home/thor/.mozilla/plugins
2359303    4 drwxr-xr-x   2 thor     thor         4096 Jan 14  2012 /home/thor/.mozilla/extensions
2359300    4 -rw-r--r--   1 thor     thor          193 Jul 24 10:38 /home/thor/.bash_profile
[m8ram@lxde puppet]$ id thor
uid=503(thor) gid=1028(thor) groups=1028(thor)
[m8ram@lxde puppet]$ sudo puppet agent --server=lxde --test 
/usr/share/rubygems/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead.
/usr/share/ruby/vendor_ruby/puppet/provider/service/bsd.rb:12: warning: class variable access from toplevel
/usr/share/ruby/vendor_ruby/puppet/provider/service/freebsd.rb:8: warning: class variable access from toplevel
/usr/share/ruby/vendor_ruby/puppet/provider/service/freebsd.rb:9: warning: class variable access from toplevel
/usr/share/ruby/vendor_ruby/puppet/provider/service/freebsd.rb:10: warning: class variable access from toplevel
info: Caching catalog for lxde
info: Applying configuration version '1351775820'
notice: /Stage[main]/Arda/Group[thor]/gid: gid changed '1028' to '1003'
notice: /Stage[main]/Arda/User[thor]/uid: uid changed '503' to '1003'
notice: /Stage[main]/Arda/User[thor]/comment: comment changed '' to 'thor'
notice: Finished catalog run in 2.03 seconds
[m8ram@lxde puppet]$ sudo find /home/thor/ -ls
2359297    4 drwx------   4 thor     1028         4096 Nov  1 14:18 /home/thor/
2359304    4 drwxr-xr-x   2 thor     1028         4096 Jan 14  2012 /home/thor/.gnome2
2359298    4 -rw-r--r--   1 thor     1028          124 Jul 24 10:38 /home/thor/.bashrc
2359299    4 -rw-r--r--   1 thor     1028           18 Jul 24 10:38 /home/thor/.bash_logout
2359301    4 drwxr-xr-x   4 thor     1028         4096 May 22 22:40 /home/thor/.mozilla
2359302    4 drwxr-xr-x   2 thor     1028         4096 Jan 14  2012 /home/thor/.mozilla/plugins
2359303    4 drwxr-xr-x   2 thor     1028         4096 Jan 14  2012 /home/thor/.mozilla/extensions
2359300    4 -rw-r--r--   1 thor     1028          193 Jul 24 10:38 /home/thor/.bash_profile
[m8ram@lxde puppet]$ id thor
uid=1003(thor) gid=1003(thor) groups=1003(thor)
[m8ram@lxde puppet]$ 

Regards

Bram
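
The cleanup the thread leaves to the administrator, as an added example (not code from this ticket or from Puppet): files left on a numeric gid that no group owns, like the 1028 entries above, would fall to whichever group is later given that gid, so this lists them and can re-own them. It stays on one filesystem (Stefan's NFS concern) and refuses when the old gid still belongs to a group (his foo/bar collision). The function names and the GROUP_DB override are hypothetical.

```shell
#!/bin/sh
# Added example. GROUP_DB is a hypothetical override that points the lookup at
# a group(5)-format file; when unset, the system database is queried via getent.

# gid_in_use GID: succeed if some group still owns this numeric gid.
gid_in_use() {
    if [ -n "${GROUP_DB:-}" ]; then
        awk -F: -v g="$1" '$3 == g { found = 1 } END { exit !found }' "$GROUP_DB"
    else
        getent group "$1" >/dev/null 2>&1
    fi
}

# stale_gid_files ROOT OLD_GID: list paths under ROOT still carrying OLD_GID.
# -xdev keeps find on ROOT's filesystem, so NFS or other mounts are not walked.
stale_gid_files() {
    find "$1" -xdev -gid "$2" -print
}

# regid_tree ROOT OLD_GID NEW_GROUP [apply]
# Dry run by default: prints what would change. Returns 2 on a non-numeric gid,
# and returns 3 without touching anything if OLD_GID still belongs to a group,
# because files on that gid are then legitimately owned by that group.
regid_tree() {
    root=$1; old=$2; new=$3; mode=${4:-dry-run}
    case $old in
        ''|*[!0-9]*) echo "old gid must be numeric" >&2; return 2 ;;
    esac
    if gid_in_use "$old"; then
        echo "gid $old still maps to a group; refusing" >&2
        return 3
    fi
    if [ "$mode" = apply ]; then
        # -h changes a symlink itself instead of the file it points to
        find "$root" -xdev -gid "$old" -exec chgrp -h "$new" {} +
    else
        stale_gid_files "$root" "$old" | sed "s/^/would chgrp $new: /"
    fi
}
```

For the session above, `regid_tree /home/thor 1028 thor` prints the planned changes and adding `apply` as a fourth argument (run as root) performs them.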
