From 41da96281f6c8902191b2c6cc8e07e31363d8f45 Mon Sep 17 00:00:00 2001 From: Jesse Wolfe Date: Tue, 24 Nov 2009 19:34:15 -0800 Subject: Feature 2827 Option to disable managing internal files Add a flag "manage_internal_file_permissions" which is enabled by default. Disabling this flag prevents Puppet from managing the owner, group, or mode of files created from Puppet::Util::Settings::FileSetting I think this is a wide enough net to follow Luke's suggestion of "disable management of everything", and it certainly satisfies the requests I'm aware of, but if I've missed anything, let me know. Signed-off-by: Jesse Wolfe --- lib/puppet/defaults.rb | 4 ++++ lib/puppet/util/settings/file_setting.rb | 11 +++++++---- spec/unit/util/settings/file_setting.rb | 25 +++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index 9d992dd74..590de83fd 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb @@ -86,6 +86,10 @@ module Puppet :mkusers => [false, "Whether to create the necessary user and group that puppetd will run as."], + :manage_internal_file_permissions => [true, + "Whether Puppet should manage the owner, group, and mode of files + it uses internally" + ], :path => {:default => "none", :desc => "The shell search path. Defaults to whatever is inherited from the parent process.", diff --git a/lib/puppet/util/settings/file_setting.rb b/lib/puppet/util/settings/file_setting.rb index 573628fb8..2dfbcf46e 100644 --- a/lib/puppet/util/settings/file_setting.rb +++ b/lib/puppet/util/settings/file_setting.rb @@ -89,11 +89,14 @@ class Puppet::Util::Settings::FileSetting < Puppet::Util::Settings::Setting return nil if path =~ /^\/dev/ resource = Puppet::Resource.new(:file, path) - resource[:mode] = self.mode if self.mode - if Puppet.features.root? - resource[:owner] = self.owner if self.owner - resource[:group] = self.group if self.group + if Puppet[:manage_internal_file_permissions] + resource[:mode] = self.mode if self.mode + + if Puppet.features.root? + resource[:owner] = self.owner if self.owner + resource[:group] = self.group if self.group + end end resource[:ensure] = type diff --git a/spec/unit/util/settings/file_setting.rb b/spec/unit/util/settings/file_setting.rb index 74d68fb7d..dfe4d25d0 100755 --- a/spec/unit/util/settings/file_setting.rb +++ b/spec/unit/util/settings/file_setting.rb @@ -169,18 +169,43 @@ describe Puppet::Util::Settings::FileSetting do @file.to_resource[:mode].should == 0755 end + it "should not set the mode on a the file if manage_internal_file_permissions is disabled" do + Puppet[:manage_internal_file_permissions] = false + + @file.stubs(:mode).returns(0755) + + @file.to_resource[:mode].should == nil + end + it "should set the owner if running as root and the owner is provided" do Puppet.features.expects(:root?).returns true @file.stubs(:owner).returns "foo" @file.to_resource[:owner].should == "foo" end + it "should not set the owner if manage_internal_file_permissions is disabled" do + Puppet[:manage_internal_file_permissions] = false + Puppet.features.stubs(:root?).returns true + @file.stubs(:owner).returns "foo" + + @file.to_resource[:owner].should == nil + end + it "should set the group if running as root and the group is provided" do Puppet.features.expects(:root?).returns true @file.stubs(:group).returns "foo" @file.to_resource[:group].should == "foo" end + it "should not set the group if manage_internal_file_permissions is disabled" do + Puppet[:manage_internal_file_permissions] = false + Puppet.features.stubs(:root?).returns true + @file.stubs(:group).returns "foo" + + @file.to_resource[:group].should == nil + end + + it "should not set owner if not running as root" do Puppet.features.expects(:root?).returns false @file.stubs(:owner).returns "foo" -- cgit