-
Notifications
You must be signed in to change notification settings - Fork 283
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: How best to deal with sensu-gem permissions when you have a restrictive umask #523
Comments
I have thought about this and I can't think of a way to ignore the umask and think that maybe the best solution would be to enhance the sensu_gem provider to set all the permissions for gem files after install. @cwjohnston thoughts? |
chef/chef#3741 would obviously help with this problem. |
Update: I solved this internally but am not exactly in love with my solution and it certainly would not work for everyone (windows). What I essentially did was create a library to idempotently chmod files. Then in my sensu wrapper I call this with the paths that are problematic and then it changes it if needed. |
Is it possible to somehow overwrite the umask when installing gems via sensu_gem?
Ideal Behavior
I'd like to be able to be able to specify in the resource a way to set the expected permissions. Otherwise we will need to rely on something hacky like an exec block after to chmod the files.
Current Behavior
When gems are created there is no way to specify what sort of permissions they should be created with.
Possible Solution
Not sure from my brief research on a good solution. I suppose that we could add an conditional and use the exec block in the resource rather than having to do that in the wrapper. Honestly still not sure how I feel about this.
Steps to Reproduce (for bugs)
Context
We typically set umask (using the os-hardening cookbook), this will then create files with limited permissions. In our current setup it is mitigated at some level because we set it later in the run list. The problem is when we add a new gem to an already running system.
Your Environment
The text was updated successfully, but these errors were encountered: