Adding patch 20070913010926-6856b-eb64be3b5169b7af674388124b406a1db7470880.patch from womble -- More restrictive permissions on some puppet-related directories

2 files changed, 4 insertions, 3 deletions

diff --git a/debian/changelog b/debian/changelog
index a5b4d9bf9..a028a4d2c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,10 @@
 puppet (0.23.2-5) unstable; urgency=low
 
   * Add some NEWS for the ssldir transition.  Should have done that earlier.
+  * Remove the explicit mode change for vardir, and fix up the mode on
+    statedir, as well.  Closes: #425496.
 
- -- Matthew Palmer <mpalmer@debian.org>  Thu, 13 Sep 2007 10:52:37 +1000
+ -- Matthew Palmer <mpalmer@debian.org>  Thu, 13 Sep 2007 11:08:03 +1000
 
 puppet (0.23.2-4) unstable; urgency=low
 
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index 9a95c3cab..f8fd23ea8 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -55,7 +55,7 @@ module Puppet
             syslog.  Syslog has a fixed list of valid facilities, and you must
             choose one of those; you cannot just make one up."],
         :statedir => { :default => "$vardir/state",
-            :mode => 01777,
+            :mode => 01755,
             :desc => "The directory where Puppet state is stored.  Generally,
                 this directory can be removed without causing harm (although it
                 might result in spurious service restarts)."
@@ -74,7 +74,6 @@ module Puppet
             :desc => "Where SSL certificates are kept."
         },
         :rundir => { :default => rundir,
-            :mode => 01777,
             :desc => "Where Puppet PID files are kept."
         },
         :genconfig => [false,