Try this:

files:

  (!cdev_null|cbind9_devs_null_repaired)::
    "${cbind_dir}/dev/null"
      comment => "Fix null device permission",
      perms => mog("666", "root", "root"),
      create => "false";

  (!cdev_random|cbind9_devs_random_repaired)::
    "${cbind_dir}/dev/random"
      comment => "Fix random device permission",
      perms => mog("666", "root", "root"),
      create => "false";

That is, run this promise if the class cdev_null is NOT set (i.e., the files
exist) or if the class cbind9_devs_null_repaired IS set (i.e., it was just
created).
--
Brian
On Aug 29, 2012, at 5:28 AM, [email protected] wrote:
> Forum: CFEngine Help
> Subject: Normal ordering, files and commands
> Author: stchesmeli
> Link to topic: https://cfengine.com/forum/read.php?3,27135,27135#msg-27135
>
> Hi all :)
>
> I'm writing a bundle to manage chrooted bind9 configuration.
> I need to create null and random devices inside the chroot, with 666
> permissions.
> If I am not mistaken, there is no file directive for creating a device, so I
> must use a commands directive to execute "mknod".
> But I want to ensure that permissions are always right, so I use a file
> directive instead of using the "-m 666" option with mknod.
>
> So, here is my code:
>
>
>
> bundle agent config_bind9
> {
>   vars:
>     "cbind_dir" string => "/DATA/chroot_named";
>     "cbind_user" string => "bind";
>     "mknod" string => "/bin/mknod";
>     "chmod" string => "/bin/chmod";
>
>   classes:
>     # Test if null device exists
>     "cdev_null" not => fileexists ("${cbind_dir}/dev/null");
>     # Test if random device exists
>     "cdev_random" not => fileexists ("${cbind_dir}/dev/random");
>
>   files:
>     "${cbind_dir}/dev/null"
>       comment => "Fix null device permission",
>       perms => mog("666", "root", "root"),
>       create => "false";
>
>     "${cbind_dir}/dev/random"
>       comment => "Fix random device permission",
>       perms => mog("666", "root", "root"),
>       create => "false";
>
>   commands:
>     "${mknod} ${cbind_dir}/dev/null c 1 3"
>       classes => if_repaired("cbind9_devs_null_repaired"),
>       ifvarclass => "cdev_null";
>     "${mknod} ${cbind_dir}/dev/random c 1 8"
>       classes => if_repaired("cbind9_devs_random_repaired"),
>       ifvarclass => "cdev_random";
> }
>
>
>
> What I was thinking:
> With normal ordering and the 3 passes:
>
> 1 pass:
> files don't exist, cdev_* classes are true, file permissions are not fixed
> (because of create => "false") and commands are executed (mknod ....) because
> cdev_* classes are true
>
> 2 pass:
> files now exist (first pass has created them with mknod commands), classes
> cdev_* are false, permissions are fixed by file directive, commands are not
> executed because cdev_* classes are false
>
> 3 pass:
> files still exist, classes cdev_* are still false, permissions are not fixed
> because 2nd pass has already fixed them, commands are not executed because
> cdev_* classes are false
>
> But in fact that doesn't work.
> What is really done is:
> 1 pass:
> files don't exist, cdev_* classes are true, file permissions are not fixed
> (because of create => "false") and commands are executed (mknod ....) because
> cdev_* classes are true
>
> 2 pass: nothing
>
> 3 pass: nothing
>
> I don't understand why file permissions are not corrected at the second pass?
>
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
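
A check for the end state the policy in this message is meant to reach, as an added example that is not part of the original e-mail or of CFEngine: mode 666 is only safe on these paths when the node really is the character device 1,3 (null) or 1,8 (random), so the script verifies type, device numbers, mode and owner together. The function names are hypothetical and GNU `stat` on Linux is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, device numbers and the 666
# root:root target come from the thread; function names are hypothetical.
# Assumes GNU stat (Linux), where %t/%T print a node's major/minor in hex.

# check_node_line WANT_MAJOR WANT_MINOR STAT_LINE
# STAT_LINE is the output of: stat -c '%F|%a|%t|%T|%U|%G' PATH
# Prints "ok" or the first problem found; returns non-zero on a problem.
check_node_line() {
    want_major=$1 want_minor=$2
    old_ifs=$IFS; IFS='|'; set -f
    set -- $3                       # split the stat line into $1..$6
    set +f; IFS=$old_ifs
    [ "$1" = "character special file" ] ||
        { echo "not a character device: $1"; return 1; }
    for n in "$3" "$4"; do
        case $n in ''|*[!0-9a-fA-F]*) echo "unparsable device numbers"; return 1 ;; esac
    done
    [ "$((0x$3))" -eq "$want_major" ] && [ "$((0x$4))" -eq "$want_minor" ] ||
        { echo "wrong device $((0x$3)),$((0x$4)), want $want_major,$want_minor"; return 1; }
    [ "$2" = "666" ] || { echo "mode $2, want 666"; return 1; }
    [ "$5:$6" = "root:root" ] || { echo "owner $5:$6, want root:root"; return 1; }
    echo ok
}

# audit_chroot CHROOT_DIR: check dev/null (1,3) and dev/random (1,8) under it.
audit_chroot() {
    rc=0
    for spec in null:1:3 random:1:8; do
        name=${spec%%:*}; nums=${spec#*:}
        path=$1/dev/$name
        # A missing node is reported like any other wrong file type.
        line=$(stat -c '%F|%a|%t|%T|%U|%G' "$path" 2>/dev/null) || line="missing"
        msg=$(check_node_line "${nums%:*}" "${nums#*:}" "$line") || rc=1
        echo "$path: $msg"
    done
    return $rc
}

# Run only when a chroot directory is given, e.g. /DATA/chroot_named.
if [ $# -gt 0 ]; then
    audit_chroot "$1"
fi
```

Running it after cf-agent shows whether the second pass actually fixed the permissions, independently of which classes were set during the run.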
