Re: Failed to set group to '0': Operation not permitted
1,098 views
Skip to first unread message
jcbollinger
Oct 22, 2012, 9:54:47 AM10/22/12
to puppet...@googlegroups.com, 2pleas...@gmail.com
On Friday, October 19, 2012 9:38:25 AM UTC-5, Dominic wrote:
Hi everyone,
Here is the task, I just need to get the file from master, untar it and execute a file.
Step 1:
Working as a root user,having the default puppet.conf for root and the agent could get the source file from master , untar it and execute it.
Step 2:
Moving to non-root user, I have a different puppet.conf with the conf the master validates the agent and gets me the source , and untar it to the agent , but on the agent side I got the error.
Here is my puppet.conf
[main]
logdir = /home/user/var/log/puppet
rundir = /home/user/var/run/puppet
vardir = /home/user/var/lib/puppet
ssldir = $vardir/ssl
server=puppetmaster.example.com
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
[master]
certname=puppetmaster.example.com
On executing,
puppet agent --confdir-/home/user/etc -t,
Error: Failed to set group to '0': Operation not permitted - /home/user/unix.tar.gz
Error: /File[/home/user/unix.tar.gz]/ensure: change from absent to file failed: Failed to set group to '0': Operation not permitted - /home/user/.tar.gz
Though I set the tarball of the source in master to 777 permissions, I get the same error.
Your help is great appreciated, please let me know if you need any further info.
This problem is not directly related to puppet.conf. It is probably in issue in your init.pp file on the master (because that appears to be where you declare File[/home/user/unix.tar.gz]). The manifest leads Puppet to believe that the target file is supposed to have group 0, but changing the downloaded file's group requires the agent to run as root.
If you post the declaration of that file, then we may be able to tell you more.
I have a question, though: what is the purpose of having this run by an unprivileged user in the first place?
John
jcbollinger
Oct 22, 2012, 6:05:40 PM10/22/12
to puppet...@googlegroups.com, vive...@gmail.com, Pramoth Mangrer
On Monday, October 22, 2012 12:55:25 PM UTC-5, Dominic wrote:
Hi JCBollinger, Thank you so much for your suggestions.
Here goes my manifests:
#init.pp
class rabbitmq {
include rabbitmq::source, rabbitmq::service
}
#source.pp
class rabbitmq::source {
file { "/home/user": ensure => directory }
file { "/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz":
source => "puppet:///modules/rabbitmq/rabbitmq-server-generic-unix-2.8.7.tar.gz",
alias => "rabbitmq-source-tgz",
before => Exec["untar-rabbitmq-source"]
}
exec { "/bin/tar xzvf rabbitmq-server-generic-unix-2.8.7.tar.gz":
cwd => "/home/user/",
creates => "/home/user/rabbitmq_server-2.8.7",
alias => "untar-rabbitmq-source",
subscribe => File["rabbitmq-source-tgz"]
}
}
#service.pp
class rabbitmq::service {
exec { "rabbitmq_service":
environment => "HOME=/home/user",
command=> "/home/user/rabbitmq_server-2.8.7/sbin/rabbitmq-server -detached ",
require => Class["rabbitmq::source"]
}
}
We dont have root permissions, as we are hosting it in the Cloud.
I'm not sure why that inherently means you don't have root, but whatever.
So, supposing the issue is with File["/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz"], it's not immediately clear to me whether Puppet's behavior is correct here. It seems to be defaulting the target group to 0 (since you don't specify a group, that has to be coming in as a default). That's not documented behavior, but it may still be intentional. On the other hand, it is usual for the agent to run as root, which would mask this behavior. I would suggest that you file a ticket.
In the mean time, I would try to work around the issue by adding a 'group' parameter to the file that specifies the correct target group (presumably the primary group of the user who is running Puppet).
Good luck,
John
Stefan Schulte
Oct 23, 2012, 2:43:14 PM10/23/12
to puppet...@googlegroups.com
On Mon, Oct 22, 2012 at 03:05:40PM -0700, jcbollinger wrote:
> I'm not sure why that inherently means you don't have root, but whatever.
>
> So, supposing the issue is with
> File["/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz"], it's not
> immediately clear to me whether Puppet's behavior is correct here. It
> seems to be defaulting the target group to 0 (since you don't specify a
> group, that has to be coming in as a default). That's not documented
> behavior, but it may still be intentional. On the other hand, it is usual
> for the agent to run as root, which would mask this behavior. I would
> suggest that you file a ticket.
>
If you do not specify owner/group/mode and you don't have a global
> I'm not sure why that inherently means you don't have root, but whatever.
>
> So, supposing the issue is with
> File["/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz"], it's not
> immediately clear to me whether Puppet's behavior is correct here. It
> seems to be defaulting the target group to 0 (since you don't specify a
> group, that has to be coming in as a default). That's not documented
> behavior, but it may still be intentional. On the other hand, it is usual
> for the agent to run as root, which would mask this behavior. I would
> suggest that you file a ticket.
>
default and the file needs to be created, it will be created with
owner/group/mode of the source file. This can of course fail if the
agent is not run as root.
FWIW there was a discussion about the current behaviour quite a while
ago, but the last comment is over a year old now:
http://projects.puppetlabs.com/issues/5240
-Stefan
Reply all
Reply to author
Forward
0 new messages