hmm... I don't want to nip pick here, but this is the the help-cfengine list.
I suspect this is done on purpose. All cfrun should be able to do is tell the remote client to run his "known" configuration policy. It would be considered a security risk to let a cfrun execute an arbitrary file. While arguments about the security of this could be made. I believe this is Mark's intention. I suppose Mark needs to fix the fact that -qf worked. Here is a comment in cfservd.c: for (sp = args; *sp != '\0'; sp++) /* Blank out -K -f */ Note -K is also removed. In order to prevent someone from spamming the remote host. Now it may be implied in the documentation that cfrun is intended to only allow the execution of the known policy, but I think it should be explicitly documented that this parameters are not allowed. On Tue, 2005-04-19 at 17:32 -0700, Mark wrote: > Hi all, > > I just got cfrun to remote-update a machine. However, there seems to be some > problem with parsing the parameters. > > As far as I understand, the parameters are split into 3 groups, separated by > "--", so we have > cfrun <params for local cfrun> -- <params for remote cfagent> -- <addl active > classes> > > I want to pick a specific input file to execute on the remote server, the > same way as if I would call "cfagent -f > <special_input_file>" over on the remote box. So I use: > cfrun -- "-f /home/server_config/cfengine/inputs/update.conf" -- > > However, I receive this: > cfservd Executing /usr/local/sbin/cfagent --no-splay --inform > /home/server_config/cfengine/inputs/update.conf > cfengine:::0: Warning: actionsequence is empty > cfengine:::0: Warning: perhaps cfagent.conf/update.conf have not yet been set > up? > > So it seems to cut off the "-f" and therefore does not understand that the > filename I give it is the input file I want it to use > The same thing happens if I use "--file <special_input_file>" > > Strangely, "-qf <special_input_file>" works - and for that matter any other > parameter between the "-" and the "f"... So this looks > like a bug in the command line parsing algorithm... Is that right? If not, > what am I doing wrong? > > Thanks, > > MARK > > > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@gnu.org > http://lists.gnu.org/mailman/listinfo/help-cfengine -- Christian Pearce http://www.sysnav.com http://www.commnav.com http://www.perfectorder.com
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
