The SF bugtracker entry for this is at http://www.6URL.com/JH7.
Cfengine 2.1.10 and 2.1.14 is changing the user / group of a file defined in a copy statement even though the stanza defines action=warn. I am seeing this on Solaris under two versions of CFE (both I have installed). It does this only if type=checksum is defined and the contents match. The test scenario is as follows: Create files zfile1,zfile2, and zfile3 in /tmp. Chown them to some random user and put the contents 'TEST' in them. Copy zfile1 and zfile2 to /var/cfengine/repository/demo. Modify /tmp/zfile3 and change the contents to "TEST2". Use the following stanzas: copy: any:: /var/cfengine/repository/demo/zfile dest=/tmp/zfile mode=0644 owner=root group=sys action=warn type=checksum inform=true /var/cfengine/repository/demo/zfile2 dest=/tmp/zfile2 mode=0644 owner=root group=sys action=warn inform=true /var/cfengine/repository/demo/zfile2 dest=/tmp/zfile3 mode=0644 owner=root group=sys action=warn type=checksum inform=true When cfagent is run with the -qv options, the following output will be generated in the logfile: Checking copy from localhost:/var/cfengine/repository/demo/zfile to /tmp/zfile cfengine:XXX: Owner of /tmp/zfile was 10110, setting to 0 cfengine:XXX: Group of /tmp/zfile was 1, setting to 3 Checking copy from localhost:/var/cfengine/repository/demo/zfile2 to /tmp/zfile2 cfengine:XXX: Image file /tmp/zfile2 out of date (should be copy of /var/cfengine/repository/demo/zfile2) Checking copy from localhost:/var/cfengine/repository/demo/zfile2 to /tmp/zfile3 . The owner / group of /tmp/zfile will now be root:sys, even though the action was 'warn'. This means the problem occurs when: *action = warn *type=checksum *the contents of the file are correct. I believe the problem is ImageCopy, CheckCopiedFile, and CheckExistingFile. They are all hardcoding the action flag to 'fixall' regardless of the value in the copy stanza. -d2 output of the problem occuring is below. Checking copy from localhost:/var/cfengine/repository/demo/zfile to /tmp/zfile Authentic connection verified GetLock(copy,_var_cfengine_repository_demo_zfile__tmp_zfile,time=1117148512), ExpireAfter=30, IfElapsed=1 GetLastLock() CheckOldLock(lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile) Unable to find lock data lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile SetLock(lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile) PutLock(lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile) Found no lock [lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile]: DB_NOTFOUND: No matching key/data pair found Directory for /tmp/zfile exists. Okay CheckImage (source=/var/cfengine/repository/demo/zfile destination=/tmp/zfile) ImageCopy(/var/cfengine/repository/demo/zfile,/tmp/zfile,+644,-7133) ExpandVarstring(localhost) IgnoredOrExcluded(/var/cfengine/repository/demo/zfile) file /tmp/zfile class any was not excluded Destination file /tmp/zfile exists CompareCheckSums(/var/cfengine/repository/demo/zfile,/tmp/zfile) Compare checksums on localhost:/var/cfengine/repository/demo/zfile & /tmp/zfile ChecksumFile(m,/var/cfengine/repository/demo/zfile) ChecksumFile(m,/tmp/zfile) Files were identical CheckCopiedFile(/tmp/zfile,+644,-7133) cfengine:XXX: Checking fs-object /tmp/zfile CheckExistingFile(+644,-7133) CheckOwner: 10110 uid 0 (Change owner to uid 0 if possible) Change group to gid 3 if possible) cfengine:XXX: Owner of /tmp/zfile was 10110, setting to 0 cfengine:XXX: Group of /tmp/zfile was 1, setting to 3 File okay, newperm = 644, stat = 644 Image file is up to date: /tmp/zfile Thank you, -Jason Martin _______________________________________________ Bug-cfengine mailing list Bug-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/bug-cfengine
