From 634aad0477bb3480270bc8beaaf8252bc06fcb77 Mon Sep 17 00:00:00 2001 From: Mehdi Abaakouk Date: Thu, 9 Aug 2012 10:08:33 +0200 Subject: let tftpd-hpa change the uid and gid of the process tftpd-hpa try to change the uid and gid of the process before serving a file and it can't if xinetd start the process with a user other than root. This result to this following message and tftp can't serve file in.tftpd[17609]: cannot set groups for user nobody To customise user/group of the running process we need to use -u option --- manifests/init.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'manifests/init.pp') diff --git a/manifests/init.pp b/manifests/init.pp index 4fe22be..f91763e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -58,9 +58,10 @@ class tftp ( xinetd::service { 'tftp': port => $port, protocol => 'udp', - server_args => "${options} ${directory}", + server_args => "${options} -u ${username} ${directory}", server => $binary, - user => $username, + user => 'root', + group => 'root', bind => $address, socket_type => 'dgram', cps => '100 2', -- cgit v1.2.3 From ec833cbffc337c6733349061585ce532e4040991 Mon Sep 17 00:00:00 2001 From: Nan Liu Date: Mon, 20 Aug 2012 10:21:25 -0700 Subject: Update tftp xinetd fix. * Remove xinetd defaults for user/group. * Fix spec tests. --- manifests/init.pp | 2 -- spec/classes/tftp_spec.rb | 15 +++++---------- 2 files changed, 5 insertions(+), 12 deletions(-) (limited to 'manifests/init.pp') diff --git a/manifests/init.pp b/manifests/init.pp index f91763e..300824d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -60,8 +60,6 @@ class tftp ( protocol => 'udp', server_args => "${options} -u ${username} ${directory}", server => $binary, - user => 'root', - group => 'root', bind => $address, socket_type => 'dgram', cps => '100 2', diff --git a/spec/classes/tftp_spec.rb b/spec/classes/tftp_spec.rb index 872a82d..948f86d 100644 --- a/spec/classes/tftp_spec.rb +++ b/spec/classes/tftp_spec.rb @@ -91,9 +91,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '69', 'protocol' => 'udp', - 'server_args' => '--secure /var/lib/tftpboot', + 'server_args' => '--secure -u nobody /var/lib/tftpboot', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'nobody', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', @@ -116,9 +115,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '69', 'protocol' => 'udp', - 'server_args' => '--secure /var/lib/tftpboot', + 'server_args' => '--secure -u tftp /var/lib/tftpboot', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'tftp', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', @@ -137,9 +135,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '69', 'protocol' => 'udp', - 'server_args' => '--secure /srv/tftp', + 'server_args' => '--secure -u tftp /srv/tftp', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'tftp', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', @@ -160,9 +157,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '69', 'protocol' => 'udp', - 'server_args' => '--secure --timeout 50 /srv/tftp', + 'server_args' => '--secure --timeout 50 -u tftp /srv/tftp', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'tftp', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', @@ -186,9 +182,8 @@ describe 'tftp', :type => :class do should contain_xinetd__service('tftp').with({ 'port' => '1069', 'protocol' => 'udp', - 'server_args' => '--secure /tftpboot', + 'server_args' => '--secure -u root /tftpboot', 'server' => '/usr/sbin/in.tftpd', - 'user' => 'root', 'socket_type' => 'dgram', 'cps' => '100 2', 'flags' => 'IPv4', -- cgit v1.2.3