Yes, I always get this in my current implementation... if I have a copy
directive with explicit permissions, the file copies and immediately
sets perms after copy to the correct ones. I don't get alerts on this
alone since it occurs on the same pass, only an extra line when a file
is actually changed. Not using editfiles though, and haven't been
bothered enough to determine if this is even improper behaviour.
/eli
stucky wrote:
Ok I narrowed it down and it turns out there is exactly one kind of file
that this happens to.
Some files (/etc/hosts is one of them) have both a copy AND an editfiles
directive in cfagent.conf f.e. :
control:
actionsequence = ( processes links files copy editfiles tidy )
copy:
$(configpath)/generic/hosts
dest=/etc/hosts
owner=root
group=root
mode=644
type=checksum
backup=false
server=$(masterhost)
and later on :
editfiles:
{ /etc/hosts
LocateLineMatching "127\.0\.0\.1.+"
AppendIfNoSuchLine "$(ipaddress) $(fqhost) $(host)"
}
This is based on the idea that every host should have a basic hosts file
in place but then also gets itself added
via a dns lookup so I don't have to maintain this stuff manually. It
works so well and I was so excited when I first
did it. I guess, however, since cfengine keeps editing the file after it
was copied it has to copy it over again the next time
and the next and so on cause it has changed from the original. That's
why certain files keep getting replaced every time cfagent runs. It
makes perfect sense.
What doesn't make sense is that they get copied with a permission of 600
first and then adjust to whatever permission
I have set in the copy: statement.
Does anyone else have a similar setup where files get copied first and
then edited ?
On 3/20/06, *Leslie Smith* < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Yes, that sounds very strange.
Good luck with that one :)
Les
------------------------------------------------------------------------
*From:* stucky [mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>]
*Sent:* Tue 3/21/2006 10:19 AM
*To:* Leslie Smith
*Subject:* Re: copy function creates mode 600 by default ?
nope - That was one of the first things I checked. Perms in the repo
are 644 just like the way I want them and my cfagent.conf statement
sets them to 644 root:root, yet it keeps saying:
Object /etc/hosts had permission 600, changed it to 644
So it must be the copy function. Then again I'm sure Mark would have
told me that right away (or someon else). I just have no other
explaination.
On 3/20/06, *Leslie Smith* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Maybe you should check the permissions of the file in the
repository, It may be duplicating those first, then changing them.
Les
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> on behalf of stucky
*Sent:* Tue 3/21/2006 9:55 AM
*To:* cfengine
*Subject:* copy function creates mode 600 by default ?
Guys
I think my /etc/hosts permission problem might have to do with
the way cfagent copies files.
"...by copying first to a file called file.cfnew on the local
filesystem, and then renaming it this quickly into place."
Question is what default permission does hosts.cfnew have - I'm
inclined to think it's 600 which would explain everything.
The thing is I'd really like to know when permissions on my
files change - even if cfengine fixes them again over the next
hour - I like
to know what's going on that's why I turned the inform flag on.
If hosts.cfnew really creates a file with 600 first then I can't
do that
cause it causes email alerts to be sent every hour.
Can you confirm that my theory is correct and If I just have to
live with that ?
--
stucky
--
stucky
--
stucky
------------------------------------------------------------------------
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
http://cfengine.org/mailman/listinfo/help-cfengine
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
http://cfengine.org/mailman/listinfo/help-cfengine
