Project

General

Profile

Actions

Bug #5632

closed

Permissions may be applied recursively even if not asked to by "filesPermissions" Technique

Added by Florian Heigl over 9 years ago. Updated over 9 years ago.

Status:
Released
Priority:
N/A
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

We made a sanity technique that should employ basic parameters like correct permissions on most critical files/directories.
This technique is attached.
No directories there are configured to be recursed.

It starts being processed at / and the proceeds to /var. when processing /var it switches recursion on.

technique was updated to 1.1, no change.

I'll update with more info, but the basic thing is:
the permlist sets recursion = no.

Not sure how it gets overridden.


Files

permlist (3 KB) permlist Florian Heigl, 2014-10-09 19:20
filesPermissions.cf (9.74 KB) filesPermissions.cf Florian Heigl, 2014-10-09 19:20
Rudder_-_Directives_Management.jpg (62.1 KB) Rudder_-_Directives_Management.jpg Florian Heigl, 2014-10-09 19:20

Subtasks 1 (0 open1 closed)

Bug #5751: typo in filePermissions - missing ;ReleasedNicolas CHARLES2014-11-07Actions

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #5747: filesPermissions recursion applied although not configuredReleasedJonathan CLARKE2014-11-06Actions
Actions #1

Updated by Florian Heigl over 9 years ago

In verbose mode I was able to single out this message:


/default/files_permissions/methods/'any'/default/check_permissions/classes/'edit_recurse'[0]: Adding local bundle class 'edit_recurse'

The same did not happen for the directory / before this one, nor, as far as I could see for the next one.
I'll prepare some smart'ly grepped log to give info on this.

As far as I can see the whole of /inputs contains no deeply confidential info, so I can provide that via mail.

Actions #2

Updated by Florian Heigl over 9 years ago

Amazingly this does not happen in tiny home lab, only in big other lab.

Both SLES & technique version 1.1, but also a few differences. Not sure if i can i.e. transfer the cfengine folder and test on the currently fine system?

Actions #3

Updated by Florian Heigl over 9 years ago

Output showing the actual behaviour:


2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'file_exists'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes/'file_exists'[0]: Adding local bundle class 'file_exists'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'user_absent'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'group_absent'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'edit_owner'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes/'edit_owner'[0]: Adding local bundle class 'edit_owner'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'edit_group'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes/'edit_group'[0]: Adding local bundle class 'edit_group'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'edit_mode'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes/'edit_mode'[0]: Adding local bundle class 'edit_mode'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'edit_recurse'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes/'edit_recurse'[0]: Adding local bundle class 'edit_recurse'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'enable_suid'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'enable_sgid'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'is_symlink'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'classes_defined'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes/'classes_defined'[0]: Adding local bundle class 'classes_defined'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes: Evaluating promise 'can_edit_suid_sgid'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/classes/'can_edit_suid_sgid'[0]: Adding local bundle class 'can_edit_suid_sgid'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/vars: Evaluating promise 'identifier'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/vars: Evaluating promise 'extended_modes'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/vars: Skipping next promise 'extended_modes', as context 'classes_defined.enable_suid.!enable_sgid' is not relevant
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/vars: Evaluating promise 'extended_modes'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/vars: Skipping next promise 'extended_modes', as context 'classes_defined.!enable_suid.enable_sgid' is not relevant
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/vars: Evaluating promise 'extended_modes'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/vars: Skipping next promise 'extended_modes', as context 'classes_defined.enable_suid.enable_sgid' is not relevant
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/vars: Evaluating promise 'extended_modes'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions: Private classes augmented: file_exists edit_owner edit_group edit_recurse classes_defined edit_mode can_edit_suid_sgid
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files: Evaluating promise '${fileName}'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files: Skipping next promise '${fileName}', as context 'file_exists.edit_owner.!user_absent.!edit_recurse.!is_symlink' is not re
levant
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files: Evaluating promise '${fileName}'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files: Skipping next promise '${fileName}', as context 'file_exists.edit_group.!group_absent.!edit_recurse.!is_symlink' is not r
elevant
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files: Evaluating promise '${fileName}'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files: Skipping next promise '${fileName}', as context 'can_edit_suid_sgid.file_exists.edit_mode.!edit_recurse.!is_symlink' is n
ot relevant
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files: Evaluating promise '${fileName}'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files/'/var'[0]: Comment 'Setting the file owner'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files/'/var'[0]: Using literal pathtype for '/var'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files/'/var'[0]: Handling file existence constraints on '/var'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files/'/var'[0]: Additional promise info: source path '/var/rudder/cfengine-community/inputs/filesPermissions/1.1/filesPermissio
ns.cf' at line 136 comment 'Setting the file owner'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files/'/var'[0]: File permissions on '/var' as promised
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files/'/var'[0]: Defining promise result class 'b2117b05_0ae1_491a_b27f_96096f776785__d085c4f1_7bc8_4c6d_9fd0_1ac1a442f00f__15_v
ar_owner_ok'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files/'/var'[0]: Entering '/var/tmp', level 0
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files/'/var'[0]: Handling file existence constraints on '/var/tmp/openscap-_REDACTED_BY_FLO.x86_64.rpm'
2014-10-09T22:31:10+0200 verbose: /default/files_permissions/methods/'any'/default/check_permissions/files/'/var'[0]: Additional promise info: source path '/var/rudder/cfengine-community/inputs/filesPermissions/1.1/filesPermissio
ns.cf' at line 136 comment 'Setting the file owner'

Actions #4

Updated by Florian Heigl over 9 years ago

I disabled this directive (COREOS_Dirs) and the error messages are not coming anymore, so problem seems to be someone around here.

The parallel COREOS_Files is still active and working fine.

Actions #5

Updated by Nicolas CHARLES over 9 years ago

There is indeed something odd going on there.
Could you confirm the version of the rudder-agent you are using, both at your tiny home lab and big lab ?
Could you also try with the latest nightly of rudder-agent 2.11 ? We fixed something that may be related, in promises evaluation

Actions #6

Updated by Florian Heigl over 9 years ago

Versions where i have it happening:
rudder-agent-2.11.2.release-1.SLES.11 sles11sp2
rudder-agent-2.12.0.alpha1.git201409220505-1.SLES.11
sles11sp2

Versions where I don't have it happening:
rudder-agent-2.11.3.release-1.SLES.11 @ sles11sp3

Will update agent to requested version next.

Actions #7

Updated by Florian Heigl over 9 years ago

Tested installing the following agent:

http://www.rudder-project.org/rpm-2.11/SLES_11_SP1/x86_64/rudder-agent-2.11.3.release-1.SLES.11.x86_64.rpm

On tiny lab sles11sp3:
  1. zypper install rudder-agent-2.11.3.release-1.SLES.11.x86_64.rpm
    Segmentation fault
On other lab sles11sp2:
  1. zypper install rudder-agent-2.11.3.release-1.SLES.11.x86_64.rpm
    Segmentation fault (core dumped)
Actions #8

Updated by Florian Heigl over 9 years ago

rpm -Uvh works.

Actions #9

Updated by Florian Heigl over 9 years ago

Disabling all other directives made the problem go away. I'll re-enable them one by one.


R:
@Inventory@result_success@inventory-all@inventory-all@6@inventory@None@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4#Next inventory scheduled between 00:00 and 06:00
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Owner root already matches current owner for: /
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Group root already matches current group for: /
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Mode 0755 already matches current mode for: /
R: @FilesPermissions@result_success@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Owner, group and permissions already correct for /
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/boot/@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Owner root already matches current owner for: /boot/
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/boot/@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Group root already matches current group for: /boot/
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/boot/@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Mode 0755 already matches current mode for: /boot/
R: @FilesPermissions@result_success@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/boot/@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Owner, group and permissions already correct for /boot/
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/var@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Owner root already matches current owner for: /var
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/var@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Group root already matches current group for: /var
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/var@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Mode 0755 already matches current mode for: /var
R: @FilesPermissions@result_success@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/var@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Owner, group and permissions already correct for /var
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/var/lib@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Owner root already matches current owner for: /var/lib
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/var/lib@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Group root already matches current group for: /var/lib
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/var/lib@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Mode 0755 already matches current mode for: /var/lib
R: @FilesPermissions@result_success@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/var/lib@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Owner, group and permissions already correct for /var/lib
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/boot/grub@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Owner root already matches current owner for: /boot/grub
R: @FilesPermissions@log_info@b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@22@File permissions@/boot/grub@2014-10-11 13:36:18+00:00##1b724ab4-d066-467b-8aaf-c2fe2c8ca6b4@#Group root already matches current group for: /boot/grub
@

In my understanding, in RFC speak, correct???? that:
another directive SHOULD NOT be able to overlap this one's behaviour.

Actions #10

Updated by Florian Heigl over 9 years ago

It is triggered as soon as i "Enable" the second instance of this technique.
A directive called T_COREOS_File_permissions.

permlist if disabled:

@
  1. policyIsntanceId:file:user:group:mode:edituser:editgroup:editmode:suid:sgid:recursion
    b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@24:/:root:root:755:true:true:true:false:false:false
    b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@24:/var:root:root:755:true:true:true:false:false:false
    b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@24:/var/lib:root:root:755:true:true:true:false:false:false
    b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@24:/boot/:root:root:755:true:true:true:false:false:false
    b2117b05-0ae1-491a-b27f-96096f776785@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@24:/boot/grub:root:root:755:true:true:true:false:false:false
    @

permlist if enabled:

b2117b05-0ae1-491a-b27f-96096f776785
@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@25:/:root:root:755:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@25:/var:root:root:755:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@25:/var/lib:root:root:755:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@25:/boot/:root:root:755:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@d085c4f1-7bc8-4c6d-9fd0-1ac1a442f00f@25:/boot/grub:root:root:755:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/resolv.conf:root:root:644:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/nsswitch.conf:root:root:644:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/passwd:root:root:644:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/shadow:root:shadow:640:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/fstab:root:root:644:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/group:root:root:644:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/grub.conf:root:root:600:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/hosts:root:root:644:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/services:root:root:644:true:true:true:false:false:false
b2117b05-0ae1-491a-b27f-96096f776785
@da15f5d5-a0d5-4a70-b67c-f4e3067fcc02@25:/etc/ssh/sshd_config:root:root:640:true:true:true:false:false:false

I don't see a missing field in there on first glance.
All edit_recurse settings continue to be "false".

Actions #11

Updated by François ARMAND over 9 years ago

  • Category set to Techniques
  • Status changed from New to 8
  • Assignee set to Nicolas CHARLES
  • Priority changed from N/A to 1
  • Target version set to 2.11.4

Thank you so much for minimizing that one.

Nico, could you look to that ?

Actions #12

Updated by Nicolas CHARLES over 9 years ago

Thank you for the detailed bug report, i'm digging into it.

Actions #13

Updated by Nicolas CHARLES over 9 years ago

Ok, I managed to reproduce it
The suid and recursion is not correctly passed, only for /var entry.
I have so far no idea why

Actions #14

Updated by Nicolas CHARLES over 9 years ago

I've opened a bug on CFengine bugtracker
https://dev.cfengine.com/issues/6674

Actions #15

Updated by Nicolas CHARLES over 9 years ago

  • Status changed from 8 to Pending technical review
  • Assignee changed from Nicolas CHARLES to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/537

PR is available there
https://github.com/Normation/rudder-techniques/pull/537

Benoit, could you have a look at it ?
thanks

Actions #16

Updated by Nicolas CHARLES over 9 years ago

This bug is quite important, could you review it ?

Actions #17

Updated by Benoît PECCATTE over 9 years ago

  • Status changed from Pending technical review to Discussion
  • Assignee changed from Benoît PECCATTE to Nicolas CHARLES
Actions #18

Updated by Nicolas CHARLES over 9 years ago

  • Status changed from Discussion to Pending technical review
  • Assignee changed from Nicolas CHARLES to Benoît PECCATTE
  • Pull Request changed from https://github.com/Normation/rudder-techniques/pull/537 to https://github.com/Normation/rudder-techniques/pull/553
Actions #19

Updated by Nicolas CHARLES over 9 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

Applied in changeset policy-templates:commit:8cec663a04bc21eb626d17dad83e27ddec5b0433.

Actions #20

Updated by Benoît PECCATTE over 9 years ago

Applied in changeset policy-templates:commit:8a8b758fc280b57a55d05abe5f5fc944fded27d4.

Actions #21

Updated by Vincent MEMBRÉ over 9 years ago

  • Subject changed from filesPermissions recursion applied although not configured to permissions may be applied recursively even if not asked to by "filesPermissions" Technique
Actions #22

Updated by Vincent MEMBRÉ over 9 years ago

  • Subject changed from permissions may be applied recursively even if not asked to by "filesPermissions" Technique to Permissions may be applied recursively even if not asked to by "filesPermissions" Technique
  • Target version changed from 2.11.4 to 2.6.19
Actions #23

Updated by Vincent MEMBRÉ over 9 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.6.19, 2.10.7 and 2.11.4, which were these days.

Actions

Also available in: Atom PDF