consul-template does not preserve user and group owners of existing destination file

[jsfrerot]

Consul Template version

consul-template v0.25.0 (99efa64)

Opening new issue for same problem as 1061

Command

# ls -al web-key.pem
-rw-rw---- 1 root cloud 1675 May 12 17:14 web-key.pem
# systemctl restart consul-template@web
# ls -al web-key.pem
-rw-rw---- 1 root root 1679 May 12 17:26 web-key.pem

Expected behavior

What should have happened?
File shouldn't have changed ownership

Actual behavior

What actually happened?
Ownership is replace with the user/group of the running service. In this case root/root

Steps to reproduce

# ls -al web-key.pem
-rw-rw---- 1 root cloud 1675 May 12 17:14 web-key.pem
# systemctl restart consul-template@web
# ls -al web-key.pem
-rw-rw---- 1 root root 1679 May 12 17:26 web-key.pem

References

• consul-template does not preserve user and group owners of existing destination file #1061

[eikenb]

Hey @jsfrerot, belated thanks for the report.

I cannot reproduce this. Eg. running this little script the GID of the file stays the same and I verified the code is updating both the group (gid) and user (uid) ownership of the file. This is on Linux. Though it should work on any *nix. It will not work on Windows.

To run, replace [group] with a group are a member of (or anything if you test with root).

#!/bin/sh

rm -f out

echo foo > out
chgrp [group] out

cat > in.tmpl << EOF
bar
EOF

stat out
echo "-----------------------------------------------------------------"
consul-template -template "in.tmpl:out" -exec "cat out" -once > /dev/null
stat out

[AlexeyDemidov]

It seems that the file ownership is being reset to root:root when there is perms = present in template {} in the config file.

[eikenb]

Thanks @AlexeyDemidov, I was able to reproduce it with that additional information. I'm looking into it now.