Page MenuHomePhabricator

role::puppetmaster::standalone clones Git repositories as gitpuppet, git-sync-upstream overwrites them as root
Open, Needs TriagePublic


On a fresh instance with role::puppetmaster::standalone applied (no class parameters), /var/lib/git/labs/private is initially owned by gitpuppet:root and /var/lib/git/operations/puppet by gitpuppet:gitpuppet. Subsequently, git-sync-upstream runs every 10 minutes as root and will overwrite some/create new files with each update. This is confusing and could cause subtle bugs.

IMHO changing the initial clone to be owned by root is preferable because if an admin as root messes around with the Git repositories and git-sync-upstream would run as gitpuppet, it could stop working due to permissions.

Event Timeline

Change 324727 had a related patch set uploaded (by Tim Landscheidt):
puppetmaster: Clone repositories in Labs as root

Aklapper added subscribers: Phamhi, aborrero.

In the meantime,

In theory, the two added lines in could still be applied in line 58.
Would be nice to get input / a decision here.

Aklapper removed scfc as the assignee of this task.Jun 1 2020, 8:12 AM

Assignee has not been active since 2018 hence resetting task assignee.