puppet: Match the x bits on directories to what puppet actually does.

Puppet _always_ sets the `+x` bit on directories if they have the `r` bit set for that slot[^1]: > When specifying numeric permissions for directories, Puppet sets the > search permission wherever the read permission is set. As such, for instance, `0640` is actually applied as `0750`. Fix what we "want" to match what puppet is applying, by adding the `x` bit. In none of these cases did we actually intend the directory to not be executable. [1] https://www.puppet.com/docs/puppet/5.5/types/file.html#file-attribute-mode
2025-11-03 05:23:35 +00:00 · 2023-01-26 22:26:51 +00:00
parent 372bba4a8e
commit e8123dfeea
9 changed files with 15 additions and 15 deletions
--- a/puppet/zulip_ops/manifests/apache.pp
+++ b/puppet/zulip_ops/manifests/apache.pp
@@ -19,7 +19,7 @@ class zulip_ops::apache {
    require => Package['apache2'],
    owner   => 'root',
    group   => 'root',
-    mode    => '0644',
+    mode    => '0755',
  }

  file { '/etc/apache2/ports.conf':
@@ -37,6 +37,6 @@ class zulip_ops::apache {
    require => Package[apache2],
    owner   => 'root',
    group   => 'root',
-    mode    => '0640',
+    mode    => '0750',
  }
 }
--- a/puppet/zulip_ops/manifests/profile/base.pp
+++ b/puppet/zulip_ops/manifests/profile/base.pp
@@ -64,7 +64,7 @@ class zulip_ops::profile::base {
    require => User['zulip'],
    owner   => 'zulip',
    group   => 'zulip',
-    mode    => '0600',
+    mode    => '0700',
  }

  # Clear /etc/update-motd.d, to fix load problems with Nagios
@@ -170,14 +170,14 @@ class zulip_ops::profile::base {
    require => User['nagios'],
    owner   => 'nagios',
    group   => 'nagios',
-    mode    => '0600',
+    mode    => '0700',
  }
  file { '/var/lib/nagios/.ssh':
    ensure  => directory,
    require => File['/var/lib/nagios/'],
    owner   => 'nagios',
    group   => 'nagios',
-    mode    => '0600',
+    mode    => '0700',
  }
  file { '/home/nagios':
    ensure  => absent,
--- a/puppet/zulip_ops/manifests/profile/grafana.pp
+++ b/puppet/zulip_ops/manifests/profile/grafana.pp
@@ -60,7 +60,7 @@ class zulip_ops::profile::grafana {
    ensure => directory,
    owner  => 'root',
    group  => 'root',
-    mode   => '0644',
+    mode   => '0755',
  }
  file { '/etc/grafana/grafana.ini':
    ensure => file,
--- a/puppet/zulip_ops/manifests/profile/prometheus_server.pp
+++ b/puppet/zulip_ops/manifests/profile/prometheus_server.pp
@@ -32,7 +32,7 @@ class zulip_ops::profile::prometheus_server {
    ensure => directory,
    owner  => 'root',
    group  => 'root',
-    mode   => '0644',
+    mode   => '0755',
  }
  file { '/etc/prometheus/prometheus.yaml':
    ensure => file,
--- a/puppet/zulip_ops/manifests/profile/zmirror_personals.pp
+++ b/puppet/zulip_ops/manifests/profile/zmirror_personals.pp
@@ -30,7 +30,7 @@ class zulip_ops::profile::zmirror_personals {
  file { ['/home/zulip/api-keys', '/home/zulip/zephyr_sessions', '/home/zulip/ccache',
          '/home/zulip/mirror_status']:
    ensure => directory,
-    mode   => '0644',
+    mode   => '0755',
    owner  => 'zulip',
    group  => 'zulip',
  }