author | Luke Kanies <luke@madstop.com> | 2009-08-19 17:27:35 -0700 |
---|---|---|
committer | James Turnbull <james@lovedthanlost.net> | 2009-08-24 11:36:22 +1000 |
commit | a49915ad928e01aa1a5505ae52125fac6f4f2744 (patch) | |
tree | dad17046057b09451efc5743158ccd4a5846ac28 /lib | |
parent | 14ec838c0aad75098c5c86f77603640f6b1e7efc (diff) | |
Not using the service user in settings when it's unavailable
This gets us most of the way toward fixing #2460 - we can
now have the certificate information owned by the service
user when it's available, thus making it so that puppetmasterd
(not running as root) can read it.
Signed-off-by: Luke Kanies <luke@madstop.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/puppet/util/settings.rb | 10 | ||||
-rw-r--r-- | lib/puppet/util/settings/file_setting.rb | 6 |
2 files changed, 15 insertions, 1 deletions
diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb
index c49fbf3cb..625bab42a 100644
--- a/lib/puppet/util/settings.rb
+++ b/lib/puppet/util/settings.rb
@@ -465,6 +465,16 @@ class Puppet::Util::Settings
 return sectionlist, sections
 end
 
+ def service_user_available?
+ return @service_user_available if defined?(@service_user_available)
+
+ return @service_user_available = false unless user_name = self[:user]
+
+ user = Puppet::Type.type(:user).new :name => self[:user], :check => :ensure
+
+ return @service_user_available = user.exists?
+ end
+
 def set_value(param, value, type)
 param = param.to_sym
 unless setting = @config[param]
diff --git a/lib/puppet/util/settings/file_setting.rb b/lib/puppet/util/settings/file_setting.rb
index 7ddc4697c..22e408a95 100644
--- a/lib/puppet/util/settings/file_setting.rb
+++ b/lib/puppet/util/settings/file_setting.rb
@@ -35,10 +35,14 @@ class Puppet::Util::Settings::FileSetting < Puppet::Util::Settings::Setting
 
 def owner
 return unless defined?(@owner) && @owner
- return "root" if @owner == "root"
+ return "root" if @owner == "root" or ! use_service_user?
 @settings[:user]
 end
 
+ def use_service_user?
+ @settings[:mkusers] or @settings.service_user_available?
+ end
+
 # Set the type appropriately. Yep, a hack. This supports either naming
 # the variable 'dir', or adding a slash at the end.
 def munge(value) |
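Review bot: The value memoized in `@service_user_available` is never reset anywhere in this hunk, so a process that asks before the account exists keeps getting false, and file settings keep resolving to root ownership, even after the user is created or `:user` is changed. If the settings object has a clear or re-parse path (not visible here), it should also drop this instance variable, for example with `remove_instance_variable(:@service_user_available) if defined?(@service_user_available)`. Separately, `user_name` is assigned in the `unless` guard but never read, because the next line looks up `self[:user]` again; pass `:name => user_name` or drop the assignment. A short comment above the method stating that the result is cached for the lifetime of the settings object would make the staleness trade-off explicit.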
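Review bot: `owner` now silently returns "root" whenever the service account is missing and `:mkusers` is off, which decides who can read the certificate data the commit message mentions, yet nothing in the method says so. A comment above `owner` would make that intent reviewable, for example `# Fall back to root unless the service user exists or will be created (mkusers), so files are never assigned to a missing account.` No `group` counterpart is visible in this hunk; if it still returns `@settings[:group]` unconditionally, the same missing-account case would presumably apply to group ownership and is worth checking. As a point of style, `or` in both new conditions would be safer as `||`, e.g. `@settings[:mkusers] || @settings.service_user_available?`, to avoid the low-precedence keyword surprising a later edit.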