Puppet commands require root access

205 views
Skip to first unread message

Worker Bee

unread,
Jun 25, 2012, 5:46:39 PM6/25/12
to puppet...@googlegroups.com
Hi Everyone;

Why does running "puppet resource" require root/sudo access?  Is it supposed to be this way or do I have a permissions issue? 
I installed using the gzip files...

Thanks!

Douglas Brancaglion

unread,
Jun 25, 2012, 8:29:02 PM6/25/12
to puppet...@googlegroups.com
use sudo command in exec, no problem, but you need to configure sudoers file.

2012/6/25 Worker Bee <beewo...@gmail.com>


--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.



--
Douglas Brancaglion
Security Analist

Me

unread,
Jun 25, 2012, 9:12:22 PM6/25/12
to puppet...@googlegroups.com
Of course giving someone 'sudo puppet' is the same as giving them full root access. Just be aware of that. 
twitter: @procnetdev

jcbollinger

unread,
Jun 26, 2012, 8:55:23 AM6/26/12
to puppet...@googlegroups.com


On Monday, June 25, 2012 4:46:39 PM UTC-5, Worker Bee wrote:
Why does running "puppet resource" require root/sudo access?  Is it supposed to be this way or do I have a permissions issue? 
I installed using the gzip files...

I guess in principle it's for the same reason that the agent needs to run with root privilege: it otherwise doesn't have sufficient access to do its job.  In practice, I can't think of very many things I would expect 'puppet resource' to be able to find out that are actually privileged, at least on the systems I'm familiar with.  There are a few, however, including system passwords (hashes) and service statuses.


John

Stefan Schulte

unread,
Jun 26, 2012, 1:50:24 PM6/26/12
to puppet...@googlegroups.com
puppet resource doesnt necessarily require root access. E.g. running
�puppet resource group� should show you present groups and it should
work as a normal user. Like:

% puppet resource group wheel
group { 'wheel':
ensure => 'present',
gid => '10',
}

Just note that �puppet resource some_resource_type� needs a suitable
provider for the type. Most of the providers specify a few files that
have to be executable by the user that is running puppet. The �groupadd�
provider e.g. requires the commands "groupadd", "groupdel" and "groupmod".
If your unprivileged user doesnt have these commands in $PATH or doesn't
have access rights (I guess ubuntoo ships these commands with mode 0700)
puppet will not work.

-Stefan

Reply all
Reply to author
Forward
0 new messages