cwjohnston
commented
7 years ago Hi @petecheslock, thanks for bringing this to our attention.
its likely related to the change to sensu-omnibus and other init changes.
I agree, this is a change introduced by the switch from sensu-build to sensu-omnibus. In talking with @amdprophet out of band, we've decided to affirm the new permissions as correct.
Guess i'm trying to figure out should
node['sensu']['admin_user']besensunow?
This is a good question. In addition to the directory permissions under /etc/sensu the value of node['sensu']['admin_user'] to set ownership on sensu_asset resources and SSL credentials.
I think changing https://github.com/sensu/sensu-chef/blob/develop/recipes/default.rb#L51 to use the value ofnode['sensu']['user'] instead of node['sensu']['admin_user'] would resolve the conflict with permissions defined in the package, allowing permissions for other files to remain as-is.
Expected Behavior
I dont believe this is actually specifically with sensu 0.28.4 that's just the version i noticed it in - its likely related to the change to sensu-omnibus and other init changes.
When sensu installs/upgrades this bit of code runs: https://github.com/sensu/sensu-omnibus/blob/master/config/templates/package-scripts/config.erb#L27-L34
Then in this cookbook - all those file permissions get overridden because the admin_user is
rootbut the package is setting the perms to besensu:sensuhttps://github.com/sensu/sensu-chef/blob/develop/recipes/default.rb#L51Current Behavior
Guess i'm trying to figure out should
node['sensu']['admin_user']besensunow?Steps to Reproduce (for bugs)
Context
Not a huge bug really, but i'm guessing its going to happen on every sensu upgrade? Should the sensu-omnibus not do a chown on each install/upgrade if it can create the dirs with the correct perms the first time?
Your Environment