On Tue, May 17, 2011 at 08:23:31AM -0400, seth vidal wrote:
# clean up all but the last 1 month of puppet reports -/usr/sbin/tmpwatch --mtime 720 /var/lib/puppet/reports/ +/sbin/runuser -s /bin/sh - puppet -c "/usr/sbin/tmpwatch --mtime 720 /var/lib/
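Review bot: the `+` line is cut off after `/var/lib/`, so the end of the `-c` string (the rest of the path and the closing quote) cannot be checked from this hunk; please resend with unwrapped output (`git format-patch`, or `git diff | cat`) so the command reviewed is the one committed. On the same line, the bare `-` before `puppet` makes runuser start a login shell, which resets the environment and working directory to the puppet account's; that is harmless here because `/usr/sbin/tmpwatch` and the target directory are absolute paths, but a comment saying so would keep anyone from later adding something relative to this command.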
(scary how git diff cuts lines at the end of the terminal..)
It guards against symlink attack by anyone who can run something as user "puppet" and replace /var/lib/puppet/reports/ with a symlink to somewhere else (/).
for host in `echo /var/lib/puppet/reports/*` do
- /bin/ls -1 $host/*.yaml | head --lines=-48 | xargs --no-run-if-empty xz -9
- /bin/ls -1 $host/*.yaml | head --lines=-48 | \
/sbin/runuser -s /bin/sh - puppet -c "xargs --no-run-if-empty xz -9"
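Review bot: `/bin/ls -1 $host/*.yaml` still runs as root, and when a host directory contains no `.yaml` files the unexpanded glob makes ls print "No such file or directory" to stderr, which cron will mail out every day; listing with `find "$host" -maxdepth 1 -type f -name '*.yaml'` avoids that noise and also stops root's ls from following a symlink planted inside `$host`. Note too that `head --lines=-48` keeps the newest 48 only because `ls -1` sorts names lexically and report file names are timestamps. If the listing is moved into the runuser'd shell together with xargs, the whole pipeline runs as puppet rather than only xz.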
Guards against races before xargs and bugs in xz which might be processing client controlled input. Would it be conceivable that xz can create a compressed file that cron will interpret as a cronjob if placed in /etc/cron.d? Similar to https://lwn.net/Articles/191080/ ?
I don't know, but I couldn't rule it out -- so I would much rather run the maintenance scripts with the correct privileges instead of root.
I'm not sure how it makes a hill of beans worth of difference.
It makes no network connections and performs nothing controversial.
"puppetmaster" running as "puppet" listens on the network, and has access to change these paths. But I'll agree it's probably not a big difference since the impact is mostly destroying a machine -- not owning it.. Would be great if there were some easier way to specify which user each cron.daily job should run as.
-jf
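For reference, an added example that is not part of this thread or of the package being patched: one self-contained cron.daily-style script doing both steps from the two hunks above (tmpwatch expiry, then compressing all but the newest 48 reports per host) as the puppet user instead of root, with the listing itself also run without root and with an explicit refusal to operate on a directory that has been swapped for a symlink. The dispatch words "run" and "compress-host", the environment overrides, the stale_reports/run_as_service_user/compress_host function names, and the assumption that report file names sort in time order are all mine, not from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): expire and compress puppet reports as the
# service user rather than root, refusing symlinked directories.
# Assumed, not from the thread: dispatch words, env overrides, function names,
# and that report file names (timestamps) sort lexically in time order.

REPORTS_DIR="${REPORTS_DIR:-/var/lib/puppet/reports}"
KEEP="${KEEP:-48}"                       # newest reports left uncompressed per host
EXPIRE_HOURS="${EXPIRE_HOURS:-720}"      # tmpwatch --mtime value, as in the patch
SERVICE_USER="${SERVICE_USER:-puppet}"

# Print the paths of all but the $2 newest *.yaml files directly inside $1,
# oldest first. A directory that is itself a symlink is rejected. find is used
# instead of "ls $dir/*.yaml" so that subdirectories, symlinks and an empty
# directory never produce stray output or a cron-mailed error.
stale_reports() {
    dir="$1"; keep="$2"
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "stale_reports: $dir is missing or a symlink, refusing" >&2
        return 1
    fi
    total=$(find "$dir" -mindepth 1 -maxdepth 1 -type f -name '*.yaml' | wc -l | tr -d ' ')
    [ "$total" -gt "$keep" ] || return 0
    find "$dir" -mindepth 1 -maxdepth 1 -type f -name '*.yaml' | sort | head -n "$((total - keep))"
}

# Run one command line as $SERVICE_USER. If we already are that user, run it
# directly; if we are root, drop privileges with runuser exactly as the patch
# does; any other user is refused rather than silently run as.
run_as_service_user() {
    if [ "$(id -un)" = "$SERVICE_USER" ]; then
        /bin/sh -c "$1"
    elif [ "$(id -u)" -eq 0 ]; then
        /sbin/runuser -s /bin/sh - "$SERVICE_USER" -c "$1"
    else
        echo "refusing to run maintenance as $(id -un)" >&2
        return 1
    fi
}

# Compress the stale reports of one host directory in place (runs as puppet).
compress_host() {
    stale_reports "$1" "$2" | xargs --no-run-if-empty xz -9
}

main() {
    if [ ! -d "$REPORTS_DIR" ] || [ -L "$REPORTS_DIR" ]; then
        echo "$REPORTS_DIR is missing or a symlink, refusing" >&2
        return 1
    fi
    # Step 1: expire reports older than $EXPIRE_HOURS hours, as the service user.
    run_as_service_user "/usr/sbin/tmpwatch --mtime $EXPIRE_HOURS '$REPORTS_DIR'"
    # Step 2: per host, list and compress as the service user. The script
    # re-invokes itself (by $0, absolute when run-parts starts it) so that the
    # listing, not only xz, runs without root.
    for host in "$REPORTS_DIR"/*/; do
        host="${host%/}"
        [ -d "$host" ] || continue
        run_as_service_user "/bin/sh '$0' compress-host '$host' '$KEEP'"
    done
}

case "${1:-}" in
    run)           main ;;
    compress-host) compress_host "$2" "$3" ;;
esac
```

Installed as /etc/cron.daily/puppet-reports it is invoked as root with the argument "run"; the only things that ever touch the report tree are the tmpwatch and compress-host invocations, both under runuser, so a bug in xz or a symlink planted by anyone who can write as puppet can at worst damage what puppet already owns.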