That is a documented security feature, not a bug. M On Thu, 2005-12-29 at 14:06 -0600, Bill Gunter wrote: > Okay, found the problem with the symlinks. Apparently the access control > is getting confused. I've allowed access with > > admit: > cfengine_server:: > /directory *.domain.com > > But the copy directive says > > class:: > /symlink_to_directory > > This works with regular files contained in /directory but not with > symlinks to files in the same directory. I changed the copy directive to > use the actual directory and not the symlink to it and it works fine. > This seems like a bug to me. > > > On Thu, 2005-12-29 at 13:03 -0600, Mark Burgess wrote: > > > > Look at the output of cfservd -d2 to see why this is happening. If > > you > > are traversing links, that is not honoured by access control. This > > has > > always been true > > M > > > > On Thu, 2005-12-29 at 12:46 -0600, Bill Gunter wrote: > > > v2.1.18 of cfservd (still v2.1.15 of cfagent) gives slightly > > different > > > errors, but the same results. It says "Unspecified refusal by > > server" > > > instead of "Host authorization/authentication failed or access > > denied" > > > > > > On Thu, 2005-12-29 at 12:21 -0600, Mark Burgess wrote: > > > > > > > > What does 2.1.18 do? > > > > > > > > On Thu, 2005-12-29 at 11:43 -0600, Bill Gunter wrote: > > > > > I've configured a copy directive and the symlinks that exist in > > the > > > > > directory being copied are not being copied, but all the > > regular > > > > files > > > > > in the directory are being copied. > > > > > > > > > > cfservd is throwing this error for each symlink: > > > > > > > > > > Dec 29 11:34:58 HOST cfservd[12692]: [ID 823470 daemon.error] > > Host > > > > > REMOTE denied access to /directory/symlink > > > > > Dec 29 11:34:58 HOST cfservd[12692]: [ID 702911 daemon.notice] > > Host > > > > > authorization/authentication failed or access denied > > > > > Dec 29 11:34:58 HOST cfservd[12692]: [ID 702911 daemon.notice] > > From > > > > > (host=REMOTE,user=root,ip=::ffff:111.111.111.111) > > > > > Dec 29 11:34:58 HOST cfservd[12692]: [ID 823470 daemon.error] > > ID > > > > from > > > > > connecting host: (SYNCH 1135877698 STAT /directory/symlink) > > > > > > > > > > Here's the directive. > > > > > > > > > > class:: > > > > > /directory > > > > > server=$(server) > > > > > dest=/remote_directory > > > > > owner=root > > > > > backup=false > > > > > recurse=inf > > > > > timestamps=keep > > > > > > > > > > I'm using v.2.1.15. > > > > > > > > > > > > > > > > >
_______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
