voxpupuli/puppet-unbound

set permissions/ownership on configuration directories?

cure opened this issue · 4 comments

cure commented

I need to be able to set certain permissions and ownership on the unbound configuration directories. Specifically, I want conf.d to be writable by another user (so, 775 and group changed to another group).

There are a few ways to achieve this. How would you like to facilitate this? Add ownership/group options to the parameters? Or make setting the conf_d variable to false actually work so that I can define it outside of the module with the proper permissions/ownership? It doesn't right now:

Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: No title provided and :file is not a valid resource reference at modules/unbound/manifests/init.pp:100

I can make a patch and pull request, but I'd rather know what you should find acceptable first.

cure commented

Any thoughts on this?

The standard way to do this is to add variables for conf_d_owner and conf_d_group.
I'm not entirely happy about this, but may I ask why, exactly, you need this?

I.e., what problem are you trying to solve?

I have just run into this during an upgrade to OpenBSD 5.9. Upon startup, without writable permissions on the etc directory, unbound starts with an error:
May 29 10:58:35 soek unbound: [6344:0] fatal error: could not open autotrust file for writing, /var/unbound/etc/root.key.6344-0: Permission denied

Modifying the permissions as 0775 with root:_unbound on the /var/unbound/etc directory fixes this problem. Perhaps I'd not seen this because my unbound was older than that being reported? I'll have a look over the code and see where we might address the permissions.

b4ldr commented

I think this may be fixed now with https://github.com/voxpupuli/puppet-unbound/blob/master/manifests/init.pp#L212-L214. If you are still seeing a problem, can you create a new issue? The code has changed significantly since this issue was first raised.