I guess this way around, it would make sense too... Thanks. > > I suspect this is done on purpose. All cfrun should be able > to do is tell the remote client to run his "known" > configuration policy. It would be considered a security risk > to let a cfrun execute an arbitrary file. While arguments > about the security of this could be made. I believe this is > Mark's intention. > > I suppose Mark needs to fix the fact that -qf worked. > > Here is a comment in cfservd.c: > > for (sp = args; *sp != '\0'; sp++) /* Blank out -K -f */ > > Note -K is also removed. In order to prevent someone from > spamming the remote host. > > Now it may be implied in the documentation that cfrun is > intended to only allow the execution of the known policy, but > I think it should be explicitly documented that this > parameters are not allowed. > > On Tue, 2005-04-19 at 17:32 -0700, Mark wrote: > > Hi all, > > > > I just got cfrun to remote-update a machine. However, there > seems to > > be some problem with parsing the parameters. > > > > As far as I understand, the parameters are split into 3 groups, > > separated by "--", so we have cfrun <params for local cfrun> -- > > <params for remote cfagent> -- <addl active classes> > > > > I want to pick a specific input file to execute on the > remote server, > > the same way as if I would call "cfagent -f > <special_input_file>" over > > on the remote box. So I use: cfrun -- "-f > > /home/server_config/cfengine/inputs/update.conf" -- > > > > However, I receive this: > > cfservd Executing /usr/local/sbin/cfagent --no-splay > --inform /home/server_config/cfengine/inputs/update.conf > > cfengine:::0: Warning: actionsequence is empty > > cfengine:::0: Warning: perhaps cfagent.conf/update.conf > have not yet > > been set up? > > > > So it seems to cut off the "-f" and therefore does not > understand that > > the filename I give it is the input file I want it to use The same > > thing happens if I use "--file <special_input_file>" > > > > Strangely, "-qf <special_input_file>" works - and for that > matter any > > other parameter between the "-" and the "f"... So this looks like a > > bug in the command line parsing algorithm... Is that right? If not, > > what am I doing wrong? > > > > Thanks, > > > > MARK > > > > > > > > _______________________________________________ > > Help-cfengine mailing list > > Help-cfengine@gnu.org > > http://lists.gnu.org/mailman/listinfo/help-cfengine > -- > Christian Pearce > http://www.sysnav.com > http://www.commnav.com > http://www.perfectorder.com >
------------------------------------------------ Mark Arnold Freightgate - New Dimensions in e-Logistics (sm) ISO9001:2000 Certified Company Visit us at http://www.freightgate.com Email: [EMAIL PROTECTED] Phone: (714) 799-2833 Fax: (714) 799-0100 > -----Original Message----- > From: Christian Pearce [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 20, 2005 6:00 AM > To: Mark > Cc: help-cfengine@gnu.org > Subject: Re: Cfrun parameter parsing bug? > > > hmm... I don't want to nip pick here, but this is the the > help-cfengine list. > > I suspect this is done on purpose. All cfrun should be able > to do is tell the remote client to run his "known" > configuration policy. It would be considered a security risk > to let a cfrun execute an arbitrary file. While arguments > about the security of this could be made. I believe this is > Mark's intention. > > I suppose Mark needs to fix the fact that -qf worked. > > Here is a comment in cfservd.c: > > for (sp = args; *sp != '\0'; sp++) /* Blank out -K -f */ > > Note -K is also removed. In order to prevent someone from > spamming the remote host. > > Now it may be implied in the documentation that cfrun is > intended to only allow the execution of the known policy, but > I think it should be explicitly documented that this > parameters are not allowed. > > On Tue, 2005-04-19 at 17:32 -0700, Mark wrote: > > Hi all, > > > > I just got cfrun to remote-update a machine. However, there > seems to > > be some problem with parsing the parameters. > > > > As far as I understand, the parameters are split into 3 groups, > > separated by "--", so we have cfrun <params for local cfrun> -- > > <params for remote cfagent> -- <addl active classes> > > > > I want to pick a specific input file to execute on the > remote server, > > the same way as if I would call "cfagent -f > <special_input_file>" over > > on the remote box. So I use: cfrun -- "-f > > /home/server_config/cfengine/inputs/update.conf" -- > > > > However, I receive this: > > cfservd Executing /usr/local/sbin/cfagent --no-splay > --inform /home/server_config/cfengine/inputs/update.conf > > cfengine:::0: Warning: actionsequence is empty > > cfengine:::0: Warning: perhaps cfagent.conf/update.conf > have not yet > > been set up? > > > > So it seems to cut off the "-f" and therefore does not > understand that > > the filename I give it is the input file I want it to use The same > > thing happens if I use "--file <special_input_file>" > > > > Strangely, "-qf <special_input_file>" works - and for that > matter any > > other parameter between the "-" and the "f"... So this looks like a > > bug in the command line parsing algorithm... Is that right? If not, > > what am I doing wrong? > > > > Thanks, > > > > MARK > > > > > > > > _______________________________________________ > > Help-cfengine mailing list > > Help-cfengine@gnu.org > > http://lists.gnu.org/mailman/listinfo/help-cfengine > -- > Christian Pearce > http://www.sysnav.com > http://www.commnav.com > http://www.perfectorder.com > _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine