Channel: Puppets on UnixDaemon: In search of (a) life

Puppet-lint world writable files check


On a *nix system a world writable file is one that anyone can write to. This is often undesirable, especially in production, where who can write to certain files should be limited and enabled with deliberation, not by accident. Ideally you should not be deploying files with those permissions, especially not across all your machines using Puppet, so I wrote this plugin to provide a small safety net.

    class locked_down_file {
      file { '/tmp/open_octal':
        ensure => 'file',
        mode   => '0666',
      }
    }
files should not be created with world writable permissions

The world_writable_files puppet-lint check is one possible solution to this. Once installed it will pick up any octal file modes that would grant world writable access. It doesn't currently support symbolic file modes. I use the no_symbolic_file_modes puppet-lint check, so this isn't a problem for my repos, but it might be a consideration for other people's usage.
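The octal test described above can be sketched in plain Ruby. This is an added example, not the plugin's code and not the puppet-lint API: the names MODE_ATTR, world_writable?, world_writable_modes and SAMPLE_MANIFEST are assumptions, and the manifest is constructed around the resource shown earlier.

```ruby
# Added sketch: plain-Ruby scan, not the plugin's code or the puppet-lint API.
# Matches a mode attribute with a quoted or bare value, e.g. mode => '0666'
MODE_ATTR = /\bmode\s*=>\s*['"]?([^'",\s]+)['"]?/

# true/false for a 3- or 4-digit octal mode, nil for anything else
# (symbolic modes such as 'a+w' are out of scope, as in the post).
def world_writable?(mode)
  return nil unless mode =~ /\A[0-7]{3,4}\z/
  # The last octal digit is the "other" class; bit value 2 is write.
  (mode[-1].to_i & 0o2) != 0
end

# Returns [line_number, mode] pairs for modes that grant world write access.
def world_writable_modes(manifest)
  findings = []
  manifest.each_line.with_index(1) do |line, lineno|
    code = line.sub(/#.*/, '') # naive comment strip; assumes no '#' in strings
    match = MODE_ATTR.match(code)
    next unless match
    findings << [lineno, match[1]] if world_writable?(match[1])
  end
  findings
end

# Constructed sample manifest; the first resource is the one from the post.
SAMPLE_MANIFEST = <<~PUPPET
  class locked_down_file {
    file { '/tmp/open_octal':
      ensure => 'file',
      mode   => '0666',
    }
    file { '/tmp/sticky_dir':
      ensure => 'directory',
      mode   => '1777',
    }
    file { '/tmp/private':
      mode => '0640',
    }
    file { '/tmp/symbolic':
      mode => 'a+w',
    }
  }
PUPPET

world_writable_modes(SAMPLE_MANIFEST).each do |lineno, mode|
  puts "line #{lineno}: mode #{mode} grants world write access"
end
```

The 1777 case shows that a leading special-bits digit does not change the result: only the final digit decides whether "other" can write, while the symbolic mode is skipped rather than evaluated.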

