Hi Sandra,
Answer below, in the verbose output.
On 12/02/2011 00:06, Sandra Wittenbrock wrote:
> I'm trying to copy a file from the policy host. The key exchange
> appears to be successful, and a "matching rule" is found in the access
> list. The file had read permissions. I'm not sure why access is denied.
>
> Regards,
> Sandra
>
> cf3 Received: [CAUTH 255.3.30.102 esg. root 0] on socket 6
> cf3 Allowing 255.3.30.102 to connect without (re)checking ID
> cf3 Non-verified Host ID is esg. (Using skipverify)
> cf3 Non-verified User ID seems to be root (Using skipverify)
> cf3 LastSaw host esg. now
> cf3 Received: [SAUTH y 256 37] on socket 6
> cf3 Loaded /var/lib/cfengine3/ppkeys/root-255.3.30.102.pub
> cf3 A public key was already known from esg. /255.3.30.102 - no trust
> required
> cf3 Adding IP 255.3.30.102 to SkipVerify - no need to check this if we
> have a key
> cf3 The public key identity was confirmed as root@esg.
> cf3 Strong authentication of client esg. /255.3.30.102 achieved
> cf3 Received: [SYNCH 1297465274 STAT
> /var/lib/cfengine3/masterfiles/cf-failsafe.sh] on socket 6
> cf3 Found a matching rule in access list
> (/var/lib/cfengine3/masterfiles/cf-failsafe.sh in
> /var/lib/cfengine3/masterfiles)
> cf3 No root privileges granted
Given this message, it seems you are trying to copy a file owned by
root. Then you need to give root privilege for this host in the admit rule.
You'll need something like:
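bundle server access_rules()
{
access:
  "/var/lib/cfengine3/masterfiles/"
    # admit: hosts allowed to request files under this path
    admit   => { "255.3.30.102" },
    # maproot: hosts granted read access to root-owned files here
    maproot => { "255.3.30.102" };
}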
Regards
Nicolas CHARLES
Normation SAS - http://www.normation.com
44 rue Cauchy – 94110 ARCUEIL
+33 (0)1 83 62 26 96 - +33 (0)6 14 63 25 18
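
Added example (not part of the original message, and not CFEngine project code): a small Python triage script that scans cf-serverd verbose output for the pattern in the log above, a matching access rule followed by "No root privileges granted", and reports which client and path would need a maproot entry. The sample log is constructed with documentation IPs and hypothetical host names, and the script assumes each connection's lines are contiguous.

```python
import re

# Constructed sample of cf-serverd verbose output (unwrapped, documentation IPs),
# modelled on the message formats quoted in the thread above.
SAMPLE_LOG = """\
cf3 Received: [CAUTH 192.0.2.10 hosta. root 0] on socket 6
cf3 Strong authentication of client hosta. /192.0.2.10 achieved
cf3 Received: [SYNCH 1297465274 STAT /var/lib/cfengine3/masterfiles/cf-failsafe.sh] on socket 6
cf3 Found a matching rule in access list (/var/lib/cfengine3/masterfiles/cf-failsafe.sh in /var/lib/cfengine3/masterfiles)
cf3 No root privileges granted
cf3 Received: [CAUTH 192.0.2.20 hostb. root 0] on socket 7
cf3 Strong authentication of client hostb. /192.0.2.20 achieved
cf3 Received: [SYNCH 1297465300 STAT /var/lib/cfengine3/masterfiles/promises.cf] on socket 7
cf3 Found a matching rule in access list (/var/lib/cfengine3/masterfiles/promises.cf in /var/lib/cfengine3/masterfiles)
"""

CAUTH = re.compile(r"Received: \[CAUTH (\S+) (\S+) (\S+) \d+\]")
STRONG = re.compile(r"Strong authentication of client \S+ ?/(\S+) achieved")
RULE = re.compile(r"Found a matching rule in access list \((\S+) in (\S+)\)")


def find_maproot_denials(log_text):
    """Return one finding per request that matched an access rule but was
    refused because the client was not granted root privileges."""
    # Assumption: lines belonging to one connection are not interleaved.
    findings = []
    client = user = rule = None
    strong = False
    for line in log_text.splitlines():
        if m := CAUTH.search(line):
            client, user = m.group(1), m.group(3)  # new connection: reset state
            strong, rule = False, None
        elif m := STRONG.search(line):
            strong = (m.group(1) == client)
        elif m := RULE.search(line):
            rule = (m.group(1), m.group(2))  # (requested file, promised path)
        elif "No root privileges granted" in line and rule:
            findings.append({"client": client, "user": user, "file": rule[0],
                             "promised_path": rule[1], "strong_auth": strong})
            rule = None
    return findings


if __name__ == "__main__":
    for f in find_maproot_denials(SAMPLE_LOG):
        print(f"{f['client']}: {f['file']} matched {f['promised_path']} "
              f"but client is not in maproot (strong auth: {f['strong_auth']})")
```

Each finding names a single client and promised path, so the maproot list can be extended for that host only rather than for a whole network.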