Comments (17)
Seems to be related to the account which runs puppet from that old boxen fork. Which user is that? Which permissions does it have? Is it root
?
from puppet-homebrew.
The account flow is:
zbentley
(member ofstaff
; the only real user account on the box besides a hidden corporate admin account that sets the master password) runs a ruby script.- Ruby script runs
sudo -p "prompt string" puppet apply ...
. It's shelling out and runningsudo
, not doing setuid itself. - This module runs
su zbentley -c [homebrew install]
.
Oddly, if I do sudo su zbentley
, or if I sudo su -
into a root shell and then su zbentley
, it works. If I try to simulate what the script is doing, but without Puppet, it also works:
zbentley~> sudo ruby -e 'system("/usr/bin/su zbentley -c /bin/bash -c echo foo > /Users/zbentley/testfile")'
That creates the expected file.
from puppet-homebrew.
I can no longer reproduce this issue on my Mac; I disabled and re-enabled account management, so perhaps something changed?
It seems like a good idea regardless to handle the su: Sorry
situation when switching users. Perhaps something like "if output contains 'su: Sorry' and a test su - $user /bin/true
prints any output at all, print a custom error message indicating a permissions issue"? That may just add meaningless complexity, though.
Either way, I am comfortable closing this unless others are experiencing the same issue. I'll leave it up to the maintainers to close or not.
from puppet-homebrew.
Happy to see the issue is resolved for you!
I'm inclined to agree: we should probably look into handling that case, or at least look more closely into the relevant logic. I'll keep this open as low-priority and take a look in the future.
from puppet-homebrew.
I am having the same exact issue. It only happens on 5-10 machines of about 25 (ElCap and Sierra).
If I go to a machine which is affected and execute the command /usr/bin/su myuser -c '/bin/bash -o pipefail -c "/usr/bin/curl -skSfL https://github.com/homebrew/brew/tarball/master | /usr/bin/tar xz -m --strip 1"'
manually it succeeds. However if I run it as root (like my puppet agent service does), ie. sudo /usr/bin/su xamarinqa -c '/bin/bash -o pipefail -c "/usr/bin/curl -skSfL https://github.com/homebrew/brew/tarball/master | /usr/bin/tar xz -m --strip 1"'
than I receive this error.
Any ideas what I can dig into?
from puppet-homebrew.
A full log of the run while running puppet agent -t --verbose --debug --trace
would be really helpful.
from puppet-homebrew.
I has to filter it unfortunately, but these are the only lines from this module.
�[0;32mInfo: Applying configuration version '1487970525'�[0m
�[0;36mDebug: Exec[install-homebrew](provider=posix): Executing '/usr/bin/su ruggles -c '/bin/bash -o pipefail -c "/usr/bin/curl -skSfL https://github.com/homebrew/brew/tarball/master | /usr/bin/tar xz -m --strip 1"''�[0m
�[0;36mDebug: Executing: '/usr/bin/su ruggles -c '/bin/bash -o pipefail -c "/usr/bin/curl -skSfL https://github.com/homebrew/brew/tarball/master | /usr/bin/tar xz -m --strip 1"''�[0m
�[mNotice: /Stage[main]/Homebrew::Install/Exec[install-homebrew]/returns: bin/brew: Can't create 'bin/brew'�[0m
�[mNotice: /Stage[main]/Homebrew::Install/Exec[install-homebrew]/returns: tar: Error exit delayed from previous errors.�[0m
�[mNotice: /Stage[main]/Homebrew::Install/File[/usr/local/bin/brew]: Dependency Exec[install-homebrew] has failures: true�[0m
�[0;36mDebug: /Stage[main]/Homebrew::Install/File[/usr/local/bin/brew]: Resource is being skipped, unscheduling all events�[0m
�[0;36mDebug: Class[Homebrew::Install]: Resource is being skipped, unscheduling all events�[0m
�
�[0;36mDebug: Stage[main]: Resource is being skipped, unscheduling all events�[0m
�[0;36mDebug: Finishing transaction 70109957580780�[0m
�[0;36mDebug: Storing state�[0m
�[0;36mDebug: Stored state in 0.03 seconds�[0m
�[mNotice: Applied catalog in 2.77 seconds�[0m
�[0;36mDebug: Dynamically-bound server lookup failed, falling back to report_server setting�[0m
�[0;36mDebug: Dynamically-bound port lookup failed; falling back to report_port setting�[0m
�[0;36mDebug: Using cached connection for https://ruggles-foreman.ruggles.local:8140�[0m
�[0;36mDebug: Caching connection for https://ruggles-foreman.ruggles.local:8140�[0m
�[0;36mDebug: Closing connection for https://ruggles-foreman.ruggles.local:8140�[0m
Doesn't really seem helpful?
from puppet-homebrew.
Hey @kdubau could you just verify that myuser
is xamarinqa
in your first comment? Also could you clarify which user you were running each command as?
Looks like the first relevant error in that log is
Homebrew::Install/Exec[install-homebrew]/returns: bin/brew: Can't create 'bin/brew'
That looks like a permissions issue to me. Could you paste the output of
ls -l /usr | grep local
ls -l /usr/local | grep brew
Hopefully all of the above information will help us figure out what's going on here.
from puppet-homebrew.
@TheKevJames Hey, yes my user is xamarinqa
.
Output requested:
ruggles-capitan-4:local xamarinqa$ ls -l /usr | grep local
drwxrwxr-x 18 xamarinqa staff 612 Feb 27 10:03 local
ruggles-capitan-4:local xamarinqa$ ls -l /usr/local | grep brew
drwxrwxr-x 2 xamarinqa admin 68 Feb 24 13:00 Homebrew
Thanks!
from puppet-homebrew.
I added this to my manifest and it resolved my issue.
File<|title == '/usr/local'|> {
ensure => directory,
owner => $user,
group => 'admin',
recurse => true,
}
from puppet-homebrew.
Hmm, are you by chance using version 1.5.0 of this package? This looks similar to a bug we fixed in 1.6.0.
If so, could you update to 1.6.0 and check whether the issue persists?
from puppet-homebrew.
This should already be fixed as @TheKevJames mentioned. If you are using latest could you let me know if you had homebrew installed before using this module?
We already change permissions on /usr/local
but we don't do it recursively because there may be other tools there which may require root:wheel
permissions.
https://github.com/TheKevJames/puppet-homebrew/blob/master/manifests/install.pp#L3-L23
from puppet-homebrew.
I'm on latest yes. For some reason in my environment I needed to set myuser:admin
on /usr/local
- setting only the group like this module does was not enough in my case.
from puppet-homebrew.
Hmm, we might be able to set the user on https://github.com/TheKevJames/puppet-homebrew/blob/master/manifests/install.pp#L19-L23 explicitly. I wonder if this could cause any negative side-effects? Note I specifically mean adding $homebrew::user
to this block and not changing anything about how it recurses.
I'm leaning towards "probably not", since my understanding is /usr/local
is supposed to by owned by myuser:mygroup
anyway... thoughts?
from puppet-homebrew.
I think that was the primary reason why homebrew moved from /usr/local
to /usr/local/Homebrew
because was messing with the permissions form other tools like postgresql or similar which require very specific permissions, user and groups.
By making the directory 775
and with an admin or similar group should avoid any of these issues. I tried on fresh machines and had 0 problems with this.
@kdubau would be possible to try on a VM or similar just in case you had that folder already messed up for another reason?
from puppet-homebrew.
I can say with a decent amount of confidence that yes the folder was already messed up for another reasons. When developing I was using a clean VM and had no problems.
from puppet-homebrew.
Cool, sounds like this is resolved to me then. Feel free to open up a new issue if you encounter any further issues.
from puppet-homebrew.
Related Issues (20)
- executing brew info from within puppet fails, but doing it manually in the shell works HOT 2
- Run brew commands from `/tmp` or similar public folder
- Unable to install from URL with mixed-case HOT 2
- Unable to install java8 due to sudo asking for password HOT 1
- Notify error when brew user has no privileges on cwd HOT 1
- fix puppet6 dependencies HOT 1
- fix PDK build in CI HOT 2
- privileged installers HOT 1
- Brewcask provider no longer works
- Dependency and Compatibility Versions HOT 1
- module doesn't support M1 installations HOT 6
- Unclear docs/recommendations for running as root (or not)
- Apple M1 Chip is installing Brew to usr/local/bin instead of /opt/homebrew
- Use proper homebrew installation script
- Update functionality does not work as expected HOT 3
- Fix bug for incomplete brew installations
- Handle better brew outputs
- /usr/local immutable on High Sierra
- Silently fails to install a package on first run of Puppet HOT 1
- /usr/local under High Sierra HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-homebrew.