From 634aad0477bb3480270bc8beaaf8252bc06fcb77 Mon Sep 17 00:00:00 2001 From: Mehdi Abaakouk Date: Thu, 9 Aug 2012 10:08:33 +0200 Subject: let tftpd-hpa change the uid and gid of the process tftpd-hpa try to change the uid and gid of the process before serving a file and it can't if xinetd start the process with a user other than root. This result to this following message and tftp can't serve file in.tftpd[17609]: cannot set groups for user nobody To customise user/group of the running process we need to use -u option --- manifests/init.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 4fe22be..f91763e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -58,9 +58,10 @@ class tftp ( xinetd::service { 'tftp': port => $port, protocol => 'udp', - server_args => "${options} ${directory}", + server_args => "${options} -u ${username} ${directory}", server => $binary, - user => $username, + user => 'root', + group => 'root', bind => $address, socket_type => 'dgram', cps => '100 2', -- cgit v1.2.3 From ec833cbffc337c6733349061585ce532e4040991 Mon Sep 17 00:00:00 2001 From: Nan Liu Date: Mon, 20 Aug 2012 10:21:25 -0700 Subject: Update tftp xinetd fix. * Remove xinetd defaults for user/group. * Fix spec tests. --- manifests/init.pp | 2 -- spec/classes/tftp_spec.rb | 15 +++++---------- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index f91763e..300824d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -60,8 +60,6 @@ class tftp ( protocol => 'udp', server_args => "${options} -u ${username} ${directory}", server => $binary, - user => 'root', - group => 'root', bind => $address, socket_type => 'dgram', cps => '100 2', diff --git a/spec/classes/tftp_spec.rb b/spec/classes/tftp_spec.rb index 872a82d..948f86d 100644 --- a/spec/classes/tftp_spec.rb +++ b/spec/classes/tftp_spec.rb @@ -91,9 +91,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '69', 'protocol' => 'udp', - 'server_args' => '--secure /var/lib/tftpboot', + 'server_args' => '--secure -u nobody /var/lib/tftpboot', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'nobody', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', @@ -116,9 +115,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '69', 'protocol' => 'udp', - 'server_args' => '--secure /var/lib/tftpboot', + 'server_args' => '--secure -u tftp /var/lib/tftpboot', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'tftp', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', @@ -137,9 +135,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '69', 'protocol' => 'udp', - 'server_args' => '--secure /srv/tftp', + 'server_args' => '--secure -u tftp /srv/tftp', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'tftp', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', @@ -160,9 +157,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '69', 'protocol' => 'udp', - 'server_args' => '--secure --timeout 50 /srv/tftp', + 'server_args' => '--secure --timeout 50 -u tftp /srv/tftp', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'tftp', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', @@ -186,9 +182,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '1069', 'protocol' => 'udp', - 'server_args' => '--secure /tftpboot', + 'server_args' => '--secure -u root /tftpboot', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'root', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', -- cgit v1.2.3 From 5e4aa75d208e998f04da9fcc5210addebbad5e2e Mon Sep 17 00:00:00 2001 From: Nan Liu Date: Mon, 20 Aug 2012 10:22:04 -0700 Subject: Whitespace changes in rspec file. --- spec/classes/tftp_spec.rb | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/spec/classes/tftp_spec.rb b/spec/classes/tftp_spec.rb index 948f86d..12fefa9 100644 --- a/spec/classes/tftp_spec.rb +++ b/spec/classes/tftp_spec.rb @@ -10,10 +10,10 @@ describe 'tftp', :type => :class do should contain_file('/etc/default/tftpd-hpa') should contain_package('tftpd-hpa') should contain_service('tftpd-hpa').with({ - 'ensure' => 'running', - 'enable' => true, - 'hasstatus' => false, - 'provider' => nil, + 'ensure' => 'running', + 'enable' => true, + 'hasstatus' => false, + 'provider' => nil, }) } end @@ -28,9 +28,9 @@ describe 'tftp', :type => :class do should contain_file('/etc/default/tftpd-hpa') should contain_service('tftpd-hpa').with({ 'ensure' => 'running', - 'enable' => true, - 'hasstatus' => true, - 'provider' => 'upstart', + 'enable' => true, + 'hasstatus' => true, + 'provider' => 'upstart', }) } end @@ -45,11 +45,11 @@ describe 'tftp', :type => :class do }) should contain_service('tftpd-hpa').with({ - 'ensure' => 'running', - 'enable' => 'true', - 'hasstatus' => false, - 'provider' => 'base', - 'start' => '/usr/sbin/in.tftpd -l -a 0.0.0.0:69 -u nobody --secure /var/lib/tftpboot', + 'ensure' => 'running', + 'enable' => 'true', + 'hasstatus' => false, + 'provider' => 'base', + 'start' => '/usr/sbin/in.tftpd -l -a 0.0.0.0:69 -u nobody --secure /var/lib/tftpboot', }) } end -- cgit v1.2.3