There is a flaw in your example On Fri, 2005-12-30 at 09:46 -0600, Bill Gunter wrote: > I really think this is a bug. Here's the output from "cfservd -d2" for > two different files in the source tree. The first (check_dns) is a > regular file and the second (check_udp2) is a symlink to a regular file > in the same directory. On the source machine /u is a symlink to /devu. > > Received: [SYNCH 1135957075 STAT > /u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns] on socket 7 > AccessControl(/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns) > AccessControl(/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,hognose.arcsystems.com) > encrypt request=1 > Examining rule in access list > (/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,/var/cfengine/ppkeys/localhost.pub)? > Examining rule in access list > (/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,/u1/cfengine)? > Examining rule in access list > (/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,/cfengine)? > Examining rule in access list > (/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,/etc/init.d)? > Examining rule in access list > (/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,/opt)? > Examining rule in access list > (/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,/usr/local)? > Examining rule in access list > (/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,/etc)? > Examining rule in access list > (/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,/devu/deploy)? > Found a matching rule in access list > (/devu/deploy/sunos_sun4u/usr/local/nagios/libexec/check_dns,/devu/deploy)
This matches your final entry > > Received: [SYNCH 1135957075 STAT > /u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2] on socket 7 > AccessControl(/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2) > AccessControl(/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2,hognose.arcsystems.com) > encrypt request=1 > Examining rule in access list > (/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2,/var/cfengine/ppkeys/localhost.pub)? > Examining rule in access list > (/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2,/u1/cfengine)? > Examining rule in access list > (/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2,/cfengine)? > Examining rule in access list > (/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2,/etc/init.d)? > Examining rule in access list > (/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2,/opt)? > Examining rule in access list > (/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2,/usr/local)? > Examining rule in access list > (/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2,/etc)? > Examining rule in access list > (/u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2,/devu/deploy)? > cfservd: Host hognose.arcsystems.com denied access to > /u/deploy/sunos_sun4u/usr/local/nagios/libexec/check_udp2 This doesn't match your final entry /u != /devu M _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
