Set script's group to 0 if script owner is root

thias · thias · commit 9990f2e39e84 · 2015-03-05T17:06:36.000+01:00
When files on a puppetmaster are owned by a non-root user,
concatfragments.sh gets installed on the nodes with a group
owner matching the one of the master.

This has no security implications since the file is mode 755,
but does lead to possible ping-pong situations when switching
between environments where the files on the master have
different group ownership.

Use '0' instead of 'root', since the root user's main group
isn't always 'root' on some BSDs, but always '0'.
diff --git a/manifests/setup.pp b/manifests/setup.pp
@@ -37,6 +37,8 @@
 
   $script_owner = $::osfamily ? { 'windows' => undef, default => $::id }
 
+  $script_group = $script_owner ? { 'root' => '0', default => undef }
+
   $script_mode = $::osfamily ? { 'windows' => undef, default => '0755' }
 
   $script_command = $::osfamily? {
@@ -51,6 +53,7 @@
   file { $script_path:
     ensure => file,
     owner  => $script_owner,
+    group  => $script_group,
     mode   => $script_mode,
     source => "puppet:///modules/concat/${script_name}",
   }
