paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-09 16:37:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

puppet: Match the x bits on directories to what puppet actually does.

Browse Source 
Puppet _always_ sets the `+x` bit on directories if they have the `r`
bit set for that slot[^1]:

> When specifying numeric permissions for directories, Puppet sets the
> search permission wherever the read permission is set.

As such, for instance, `0640` is actually applied as `0750`.

Fix what we "want" to match what puppet is applying, by adding the `x`
bit.  In none of these cases did we actually intend the directory to
not be executable.

[1] https://www.puppet.com/docs/puppet/5.5/types/file.html#file-attribute-mode
This commit is contained in:
Alex Vandiver
2023-01-26 22:26:51 +00:00
committed by Tim Abbott
parent 372bba4a8e
commit e8123dfeea
9 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
puppet/zulip/manifests/app_frontend_base.pp
View File

@@ -199,7 +199,7 @@ class zulip::app_frontend_base {
ensure => directory, ensure => directory,
owner => 'zulip', owner => 'zulip',
group => 'zulip', group => 'zulip',
mode => '0640', mode => '0750',
} }
file { "${zulip::common::nagios_plugins_dir}/zulip_app_frontend": file { "${zulip::common::nagios_plugins_dir}/zulip_app_frontend":

4
puppet/zulip/manifests/nginx.pp
View File

@@ -73,7 +73,7 @@ class zulip::nginx {
ensure => directory, ensure => directory,
owner => 'zulip', owner => 'zulip',
group => 'adm', group => 'adm',
mode => '0650', mode => '0750',
} }
file { '/etc/logrotate.d/nginx': file { '/etc/logrotate.d/nginx':
ensure => file, ensure => file,
@@ -90,7 +90,7 @@ class zulip::nginx {
ensure => directory, ensure => directory,
owner => 'zulip', owner => 'zulip',
group => 'adm', group => 'adm',
mode => '0660', mode => '0770',
} }
service { 'nginx': service { 'nginx':

2
puppet/zulip/manifests/postgresql_common.pp
View File

@@ -44,7 +44,7 @@ class zulip::postgresql_common {
# allows ssl-cert group to read /etc/pki/tls/private # allows ssl-cert group to read /etc/pki/tls/private
file { '/etc/pki/tls/private': file { '/etc/pki/tls/private':
ensure => directory, ensure => directory,
mode => '0640', mode => '0750',
owner => 'root', owner => 'root',
group => 'ssl-cert', group => 'ssl-cert',
} }

6
puppet/zulip/manifests/profile/base.pp
View File

@@ -79,7 +79,7 @@ class zulip::profile::base {
file { '/etc/zulip': file { '/etc/zulip':
ensure => directory, ensure => directory,
mode => '0644', mode => '0755',
owner => 'zulip', owner => 'zulip',
group => 'zulip', group => 'zulip',
links => follow, links => follow,
@@ -117,14 +117,14 @@ class zulip::profile::base {
file { '/var/lib/nagios_state/': file { '/var/lib/nagios_state/':
ensure => directory, ensure => directory,
group => 'zulip', group => 'zulip',
mode => '0774', mode => '0775',
} }
file { '/var/log/zulip': file { '/var/log/zulip':
ensure => directory, ensure => directory,
owner => 'zulip', owner => 'zulip',
group => 'zulip', group => 'zulip',
mode => '0640', mode => '0750',
} }
file { "${zulip::common::nagios_plugins_dir}/zulip_base": file { "${zulip::common::nagios_plugins_dir}/zulip_base":

4
puppet/zulip_ops/manifests/apache.pp
View File

@@ -19,7 +19,7 @@ class zulip_ops::apache {
require => Package['apache2'], require => Package['apache2'],
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0755',
} }
file { '/etc/apache2/ports.conf': file { '/etc/apache2/ports.conf':
@@ -37,6 +37,6 @@ class zulip_ops::apache {
require => Package[apache2], require => Package[apache2],
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0640', mode => '0750',
} }
} }

6
puppet/zulip_ops/manifests/profile/base.pp
View File

@@ -64,7 +64,7 @@ class zulip_ops::profile::base {
require => User['zulip'], require => User['zulip'],
owner => 'zulip', owner => 'zulip',
group => 'zulip', group => 'zulip',
mode => '0600', mode => '0700',
} }
# Clear /etc/update-motd.d, to fix load problems with Nagios # Clear /etc/update-motd.d, to fix load problems with Nagios
@@ -170,14 +170,14 @@ class zulip_ops::profile::base {
require => User['nagios'], require => User['nagios'],
owner => 'nagios', owner => 'nagios',
group => 'nagios', group => 'nagios',
mode => '0600', mode => '0700',
} }
file { '/var/lib/nagios/.ssh': file { '/var/lib/nagios/.ssh':
ensure => directory, ensure => directory,
require => File['/var/lib/nagios/'], require => File['/var/lib/nagios/'],
owner => 'nagios', owner => 'nagios',
group => 'nagios', group => 'nagios',
mode => '0600', mode => '0700',
} }
file { '/home/nagios': file { '/home/nagios':
ensure => absent, ensure => absent,

2
puppet/zulip_ops/manifests/profile/grafana.pp
View File

@@ -60,7 +60,7 @@ class zulip_ops::profile::grafana {
ensure => directory, ensure => directory,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0755',
} }
file { '/etc/grafana/grafana.ini': file { '/etc/grafana/grafana.ini':
ensure => file, ensure => file,

2
puppet/zulip_ops/manifests/profile/prometheus_server.pp
View File

@@ -32,7 +32,7 @@ class zulip_ops::profile::prometheus_server {
ensure => directory, ensure => directory,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0755',
} }
file { '/etc/prometheus/prometheus.yaml': file { '/etc/prometheus/prometheus.yaml':
ensure => file, ensure => file,

2
puppet/zulip_ops/manifests/profile/zmirror_personals.pp
View File

@@ -30,7 +30,7 @@ class zulip_ops::profile::zmirror_personals {
file { ['/home/zulip/api-keys', '/home/zulip/zephyr_sessions', '/home/zulip/ccache', file { ['/home/zulip/api-keys', '/home/zulip/zephyr_sessions', '/home/zulip/ccache',
'/home/zulip/mirror_status']: '/home/zulip/mirror_status']:
ensure => directory, ensure => directory,
mode => '0644', mode => '0755',
owner => 'zulip', owner => 'zulip',
group => 'zulip', group => 'zulip',
} }