When you run any puppet command on your primary server, you get an
Insecure world writable directory error.
Error messages and logs
After running any
puppet command, such as
puppet agent -t:
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:49: warning: Insecure world writable dir /usr/local in PATH, mode 040777
This warning is returned by Ruby when a directory in
$PATH is insecurely set as writable by any user, which allows anyone with access to the system to add and run potentially malicious executables.
Version and installation information
PE version: All supported
Puppet Enterprise does not set world writable permissions on non-Puppet directories or files such as
/usr/local included in the error above. It’s possible that your organization uses custom code that sets that permission. To fix the error, change permissions on the file so that it is no longer world writable.
Caution: We don’t know how your organization is managing permissions, or whether changing the permissions on the file included in the error will break anything specific to your infrastructure. Please check with your colleagues before following the included steps to change the permissions on the file causing the error.
Check custom code that is not managed by Puppet Enterprise to confirm that permissions on the file are not being managed by Puppet Enterprise. If they are, fix any issues with the code affecting the file permissions on the affected path.
On the primary server, recursively disable the writable bit on the affected path for global users. For example,
sudo chmod -R o-w /usr/local