Hi everyone

I'm struggling with managing permissions of a directory - my aim is to ensure
/root/.ssh has mode 700, but without needing to recurse through it. With a
promise such as the following, cf-agent states

cf3  -> Promise to skip base directory /root/.ssh/.

body common control {

bundlesequence                  => { "test" };

}

bundle agent test
{
files:
 "/root/.ssh/."

        comment                 => "Setup root's authorized_keys",
        perms                   => m("700"),
        create                  => "true";

 "/root/.ssh/authorized_keys"

        comment                 => "Setup root's authorized_keys",
        perms                   => m("600"),
        create                  => "true";

}

body perms m(mode)
{
mode                            => "$(mode)";
}

If I add in depth_search include_basedir => "true", it changes the permissions
recursively, which isn't what I want. How can I make this apply only to the
directory I've specified in the same way it works fine for the authorized_keys
file?

Also, I was trying to use multiple body bundles for the same type in a single
promise, but cf-agent gives:

!! Multiple "file_select" (boolean) constraints break this promise

Here are the two I was trying to use:
body file_select exclude
{
        leaf_name               => { ".*" };
        file_result             => "leaf_name";
}

body file_select filetype(type)
{
  file_types            => { "$(type)" };
  file_result           => "file_types";
}

My reasoning is I'd like to use both but without creating a new body bundle
which specifies both, since it's only going to be used in one place. 

I'm guessing there's no other way to do it than to create a new body type such
as the following, but just wanted some confirmation?

body file_select filetype_excluding(type,exclude)
{
file_types  => { "$(type)" };
leaf_name  => { "$(exclude)"};
file_result => "file_types&!leaf_name";
}

Thanks for all your help!

Kind regards
Andrew

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
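
The behaviour the post asks for (mode 700 on /root/.ssh itself, 600 on authorized_keys, nothing else inside touched), as an added Python example that is not part of the original post and is not CFEngine policy. The function name ensure_mode and the temporary sandbox are assumptions made for illustration; the sandbox stands in for /root so the check can run unprivileged.

```python
import os
import stat
import tempfile

def ensure_mode(path, mode, directory=False):
    """Create path if missing and set its mode, without descending into it.

    Returns "created", "repaired" or "kept"; raises ValueError when path is a
    symlink or any other unexpected file type.
    """
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted at path
    except FileNotFoundError:
        if directory:
            os.mkdir(path, mode)
        else:
            os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode))
        os.chmod(path, mode)  # mkdir/open are subject to umask, so set it explicitly
        return "created"
    is_expected = stat.S_ISDIR if directory else stat.S_ISREG
    if not is_expected(st.st_mode):
        raise ValueError(f"{path}: unexpected file type, refusing to chmod")
    if stat.S_IMODE(st.st_mode) == mode:
        return "kept"
    os.chmod(path, mode)  # only this one path; children are left alone
    return "repaired"

def demo():
    """Run against a constructed sandbox instead of the real /root."""
    with tempfile.TemporaryDirectory() as root:
        ssh = os.path.join(root, ".ssh")
        os.mkdir(ssh)
        os.chmod(ssh, 0o755)                      # wrong mode on purpose
        bystander = os.path.join(ssh, "known_hosts")
        open(bystander, "w").close()
        os.chmod(bystander, 0o644)                # must survive untouched
        results = [
            ensure_mode(ssh, 0o700, directory=True),
            ensure_mode(os.path.join(ssh, "authorized_keys"), 0o600),
        ]
        link = os.path.join(root, "link")
        os.symlink(ssh, link)
        try:
            ensure_mode(link, 0o700, directory=True)
            refused = False
        except ValueError:
            refused = True
        names = (".", "known_hosts", "authorized_keys")
        modes = {n: stat.S_IMODE(os.lstat(os.path.join(ssh, n)).st_mode) for n in names}
        return results, modes, refused
```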
