getting email alerts every hour cause cfagent itself sets them to 600 and then to 644. I don't wanna know that so I have to turn the inform flag off. However, if someone just messes with /etc/hosts permission I'd like to know hence the inform flag.
Wouldn't it make more sense if cfagent read the 'mode' directive from the copy: statement first and then set the permission of /etc/hosts.cfnew to that. This way when it moves /etc/hosts.cfnew to /etc/hosts it already has the correct permissions.
Can anyone at least confirm that my theory is correct?
On 3/21/06, Eli Stair <[EMAIL PROTECTED]> wrote:
Yes, I always get this in my current implementation... if I have a copy
directive with explicit permissions, the file copies and immediately
sets perms after copy to the correct ones. I don't get alerts on this
alone since it occurs on the same pass, only an extra line when a file
is actually changed. Not using editfiles though, and haven't been
bothered enough to determine if this is even improper behaviour.
/eli
stucky wrote:
> Ok I narrowed it down and it turns out there is exactly one kind of file
> that this happens to.
> Some files (/etc/hosts is one of them) have both a copy AND an editfiles
> directive in cfagent.conf f.e. :
>
> control:
>
>    actionsequence = ( processes links files copy editfiles tidy )
>
> copy:
>
>    $(configpath)/generic/hosts
>       dest=/etc/hosts
>       owner=root
>       group=root
>       mode=644
>       type=checksum
>       backup=false
>       server=$(masterhost)
>
> and later on :
>
> editfiles:
>
>    { /etc/hosts
>       LocateLineMatching "127\.0\.0\.1.+"
>       AppendIfNoSuchLine "$(ipaddress) $(fqhost) $(host)"
>    }
>
> This is based on the idea that every host should have a basic hosts file
> in place but then also gets itself added
> via a dns lookup so I don't have to maintain this stuff manually. It
> works so well and I was so excited when I first
> did it. I guess, however, since cfengine keeps editing the file after it
> was copied it has to copy it over again the next time
> and the next and so on cause it has changed from the original. That's
> why certain files keep getting replaced every time cfagent runs. It
> makes perfect sense.
> What doesn't make sense is that they get copied with a permission of 600
> first and then adjust to whatever permission
> I have set in the copy: statement.
> Does anyone else have a similar setup where files get copied first and
> then edited ?
>
> On 3/20/06, *Leslie Smith* <[EMAIL PROTECTED]> wrote:
>
> Yes, that sounds very strange.
> Good luck with that one :)
>
> Les
>
> ------------------------------------------------------------------------
> *From:* stucky <[EMAIL PROTECTED]>
> *Sent:* Tue 3/21/2006 10:19 AM
> *To:* Leslie Smith
> *Subject:* Re: copy function creates mode 600 by default ?
>
> nope - That was one of the first things I checked. Perms in the repo
> are 644 just like the way I want them and my cfagent.conf statement
> sets them to 644 root:root, yet it keeps saying:
>
> Object /etc/hosts had permission 600, changed it to 644
>
> So it must be the copy function. Then again I'm sure Mark would have
> told me that right away (or someone else). I just have no other
> explanation.
>
>
> On 3/20/06, *Leslie Smith* <[EMAIL PROTECTED]> wrote:
>
> Maybe you should check the permissions of the file in the
> repository, It may be duplicating those first, then changing them.
>
> Les
>
> ------------------------------------------------------------------------
> *From:* help-cfengine-bounces+les.smith=[EMAIL PROTECTED] on behalf of stucky
> *Sent:* Tue 3/21/2006 9:55 AM
> *To:* cfengine
> *Subject:* copy function creates mode 600 by default ?
>
> Guys
>
> I think my /etc/hosts permission problem might have to do with
> the way cfagent copies files.
>
>
> "...by copying first to a file called file.cfnew on the local
> filesystem, and then renaming it this quickly into place."
>
>
> Question is what default permission does hosts.cfnew have - I'm
> inclined to think it's 600 which would explain everything.
>
> The thing is I'd really like to know when permissions on my
> files change - even if cfengine fixes them again over the next
> hour - I like
> to know what's going on that's why I turned the inform flag on.
> If hosts.cfnew really creates a file with 600 first then I can't
> do that
> cause it causes email alerts to be sent every hour.
> Can you confirm that my theory is correct and If I just have to
> live with that ?
>
>
> --
> stucky
>
>
>
>
> --
> stucky
>
>
>
>
> --
> stucky
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> http://cfengine.org/mailman/listinfo/help-cfengine
--
stucky
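
Added example, not part of the original thread and not cfengine's own code: a small Python model of the sequence hypothesized above (a private 0600 `.cfnew` file renamed into place, mode fixed afterwards) next to the proposed ordering (mode set on `.cfnew` before the rename). The function names and the sample file content are assumptions made for illustration.

```python
import os
import stat
import tempfile


def _write_cfnew(dest, data):
    """Create dest + '.cfnew' with mode 0600, as the thread suspects cfagent does."""
    tmp = dest + ".cfnew"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.write(fd, data)
        os.fsync(fd)
    finally:
        os.close(fd)
    return tmp


def _mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def install_rename_then_chmod(dest, data, mode):
    """Hypothesized order: rename into place first, repair the mode afterwards."""
    tmp = _write_cfnew(dest, data)
    os.replace(tmp, dest)
    seen = _mode(dest)  # what a permission check on dest reports at this instant
    os.chmod(dest, mode)
    return seen, _mode(dest)


def install_chmod_then_rename(dest, data, mode):
    """Proposed order: give the temp file its final mode, then rename."""
    tmp = _write_cfnew(dest, data)
    os.chmod(tmp, mode)
    os.replace(tmp, dest)  # atomic on POSIX: dest never carries the 0600 mode
    seen = _mode(dest)
    return seen, _mode(dest)


def demo():
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "hosts")
        data = b"127.0.0.1 localhost\n"  # constructed sample content
        return (install_rename_then_chmod(dest, data, 0o644),
                install_chmod_then_rename(dest, data, 0o644))


if __name__ == "__main__":
    for seen, final in demo():
        print("mode right after rename: %o, final mode: %o" % (seen, final))
```

With the first ordering, anything that inspects the destination between the rename and the chmod sees 600 and would log a correction to 644; with the second there is nothing to correct.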