Bug#626280: cfengine3: cf-agent can't access logfile when running as non-root

Tue, 10 May 2011 07:21:17 -0700 

Package: cfengine3
Version: 3.0.5+dfsg-1
Severity: normal


When running as non-root user, cf-agent complains "Can't open lock-log file".
The error happens because it tries to work with files in /var/log, but doesn't
have enough permissions.

You may reproduce the issue from a non-root account as follows:

rm -rf ~/.cfagent
mkdir ~/.cfagent ~/.cfagent/bin ~/.cfagent/inputs
cp /usr/sbin/cf-* ~/.cfagent/bin/
cat - >~/.cfagent/inputs/promises.cf <<EOF
# -*- coding: utf-8; mode: cfengine -*-
body common control
{
  bundlesequence => { "test" };
}

bundle agent test
{
commands:
  "/bin/date" ;
}
EOF
env LANG=C cf-agent; echo $?

The commands will produce something like that:

Q: ".../bin/date": Tue May 10 15:40:36 YEKST 2011
I: Last 1 QUOTed lines were generated by promiser "/bin/date"
Can't open lock-log file /var/log/cf3.<hostname>.runlog
 !!! System error for fopen: "Permission denied"
1 <-- (take note exit code signals about some error)

The problem was found in package version 3.0.5+dfsg-1 from Ubuntu Natty,
but I beleive it affects Debian also. The cause is fhs-compilance patch.
As of git commit 4135c262699566a709eb940f8973b94b2a5f75a5, the patch
doesn't take into account that working directory for non-root users
is ~/.cfengine and FHS rules can't be applied in this case. In my opinion,
we should not change upstream behavior for regular users.

-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 
'natty-backports'), (500, 'natty')
Architecture: i386 (i686)

Kernel: Linux 2.6.35-28-generic-pae (SMP w/2 CPU cores)
Locale: LANG=ru_RU.utf8, LC_CTYPE=ru_RU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cfengine3 depends on:
ii  libc6                    2.13-0ubuntu13  Embedded GNU C Library: Shared lib
ii  libdb4.8                 4.8.30-5ubuntu2 Berkeley v4.8 Database Libraries [
ii  libpcre3                 8.12-3ubuntu2   Perl 5 Compatible Regular Expressi
ii  libssl0.9.8              0.9.8o-5ubuntu1 SSL shared libraries

cfengine3 recommends no packages.

cfengine3 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to