diff options
Diffstat (limited to 'lib/puppet')
| -rw-r--r-- | lib/puppet/application/master.rb | 2 | ||||
| -rw-r--r-- | lib/puppet/feature/base.rb | 2 | ||||
| -rw-r--r-- | lib/puppet/provider/nameservice/directoryservice.rb | 2 | ||||
| -rwxr-xr-x | lib/puppet/type/file/owner.rb | 2 | ||||
| -rw-r--r-- | lib/puppet/util/settings.rb | 2 | ||||
| -rw-r--r-- | lib/puppet/util/suidmanager.rb | 6 |
6 files changed, 10 insertions, 6 deletions
diff --git a/lib/puppet/application/master.rb b/lib/puppet/application/master.rb index 433a4d2f2..5d597a69b 100644 --- a/lib/puppet/application/master.rb +++ b/lib/puppet/application/master.rb @@ -95,7 +95,7 @@ class Puppet::Application::Master < Puppet::Application Puppet::SSL::Host.ca_location = :only end - if Process.uid == 0 + if Puppet.features.root? begin Puppet::Util.chuser rescue => detail diff --git a/lib/puppet/feature/base.rb b/lib/puppet/feature/base.rb index aac04f234..1971f14f2 100644 --- a/lib/puppet/feature/base.rb +++ b/lib/puppet/feature/base.rb @@ -15,7 +15,7 @@ Puppet.features.add(:usage, :libs => %w{rdoc/ri/ri_paths rdoc/usage}) Puppet.features.add(:libshadow, :libs => ["shadow"]) # We're running as root. -Puppet.features.add(:root) { require 'puppet/util/suidmanager'; Puppet::Util::SUIDManager.uid == 0 } +Puppet.features.add(:root) { require 'puppet/util/suidmanager'; Puppet::Util::SUIDManager.root? } # We've got mongrel available Puppet.features.add(:mongrel, :libs => %w{rubygems mongrel puppet/network/http_server/mongrel}) diff --git a/lib/puppet/provider/nameservice/directoryservice.rb b/lib/puppet/provider/nameservice/directoryservice.rb index 9a860b71e..2d4fc24c0 100644 --- a/lib/puppet/provider/nameservice/directoryservice.rb +++ b/lib/puppet/provider/nameservice/directoryservice.rb @@ -215,7 +215,7 @@ class DirectoryService < Puppet::Provider::NameService # stored in the user record. It is stored at a path that involves the # UUID of the user record for non-Mobile local acccounts. # Mobile Accounts are out of scope for this provider for now - if @resource_type.validproperties.include?(:password) and Process.uid == 0 + if @resource_type.validproperties.include?(:password) and Puppet.features.root? attribute_hash[:password] = self.get_password(attribute_hash[:guid]) end return attribute_hash diff --git a/lib/puppet/type/file/owner.rb b/lib/puppet/type/file/owner.rb index e5ca06a86..2b530928e 100755 --- a/lib/puppet/type/file/owner.rb +++ b/lib/puppet/type/file/owner.rb @@ -42,7 +42,7 @@ module Puppet return true if uid == current end - unless Puppet::Util::SUIDManager.uid == 0 + unless Puppet.features.root? warnonce "Cannot manage ownership unless running as root" return true end diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb index dd85342c0..1a2126517 100644 --- a/lib/puppet/util/settings.rb +++ b/lib/puppet/util/settings.rb @@ -728,7 +728,7 @@ Generated on #{Time.now}. def writesub(default, file, *args, &bloc) obj = get_config_file_default(default) chown = nil - if Puppet::Util::SUIDManager.uid == 0 + if Puppet.features.root? chown = [obj.owner, obj.group] else chown = [nil, nil] diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb index 424fb461b..6f09005e2 100644 --- a/lib/puppet/util/suidmanager.rb +++ b/lib/puppet/util/suidmanager.rb @@ -44,9 +44,13 @@ module Puppet::Util::SUIDManager alias :gid :egid end + def self.root? + Process.uid == 0 + end + # Runs block setting uid and gid if provided then restoring original ids def asuser(new_uid=nil, new_gid=nil) - return yield unless Process.uid == 0 + return yield unless root? # We set both because some programs like to drop privs, i.e. bash. old_uid, old_gid = self.uid, self.gid old_euid, old_egid = self.euid, self.egid |