2

I'm setting up jail shells using puppet to maintain a copy of the required libraries within the jails.

Using the following puppet code I can successfully copy the files across:

file { "/home/${username}/lib/x86_64-linux-gnu/libdl.so.2":
        ensure => present,
        source => "/lib/x86_64-linux-gnu/libdl.so.2",
        mode => '0700',
        links => 'manage',
        owner => $username,
        group => $username,
        require => File["/home/${username}/lib/x86_64-linux-gnu/"]
}

It appears though that the source file permissions are being changed to $username:$username as well as the destination file permissions.

The file /lib/x86_64-linux-gnu/libdl.so.2 end's up with the following permissions: 

-rwx------ 1 $username $username ld-2.19.so

The jailed users are obviously able to login with this setup, but for everyone else that would be using /bin/bash in the real /lib folder it is breaking the login.

Stephen Mahood
  • 61
  • 2
  • I ran your code on a test machine, and it works fine for me, i.e. it creates a broken symbolic link. Is there any chance that the resource File["/home/${username}/lib/x86_64-linux-gnu/"] might be causing the issue, i.e. your permissions are changed there? Please add the output of the puppet run with `-v` and `--debug`. – M. Glatki Jun 08 '16 at 22:22

1 Answers1

0

You have to quote:

owner => '$username',

user9517
  • 115,471
  • 20
  • 215
  • 297
Christoph
  • 107
  • 9
  • it's not the fact that it is setting the file permissions incorrectly, i.e the $username is just a placeholder in the permissions example above. The problem is that the permissions are being set on the source file as well as the destination file – Stephen Mahood Jun 07 '16 at 18:21