First of all - congrats on a fabulous product!! I love it and embrace it!!
Of course, there are little things here and there I don't quite get yet and here is one of them:
I have a bunch of files: directives to make sure permissions are ok f.e.
/var/cfengine mode=700
    owner=root
    group=root
    action=""> inform=true
YES I have inform set to true cause those perms shouldn't change and I wanna know if they do.
Because of that inform flag I receive an email every hour that the permission of that dir was changed from 755 to 700.
I was amazed first how this can happen till I realized that it's cfagent itself that changes the perm back to 755
during the update.conf phase and immediately back to 700 during the cfagent phase. Question is why ?
1. Permissions are fine:
[EMAIL PROTECTED] stucky]# ls -l /var/
total 160
drwxr-xr-x 2 root root 4096 Jul 8 2005 account
drwxr-xr-x 6 root root 4096 Dec 7 18:58 cache
drwx------ 9 root root 4096 Mar 15 23:39 cfengine
2. I run JUST the update phase of cfagent and the perm get set to 755:
[EMAIL PROTECTED] stucky]# /var/cfengine/bin/cfagent -If /var/cfengine/inputs/update.conf
[EMAIL PROTECTED] stucky]# ls -l /var/
total 160
drwxr-xr-x 2 root root 4096 Jul 8 2005 account
drwxr-xr-x 6 root root 4096 Dec 7 18:58 cache
drwxr-xr-x 9 root root 4096 Mar 15 23:39 cfengine
3. Of course cfagent now has to fix that again:
[EMAIL PROTECTED] stucky]# /var/cfengine/bin/cfagent -I --no-lock --no-splay
cfengine:cfengine: 5 processes matched sshd (should be <=4)
cfengine:cfengine: Object /var/cfengine had permission 755, changed it to 700
cfengine:cfengine: Update of image /etc/profile from master /usr/local/cfengine/masterfiles/configs/generic/profile on x.x.x.x
cfengine:cfengine: Object /etc/profile had permission 600, changed it to 644
cfengine:cfengine: Update of image /etc/hosts from master /usr/local/cfengine/masterfiles/configs/generic/hosts on x.x.x.x
cfengine:cfengine: Object /etc/hosts had permission 600, changed it to 644
As you can see this also happens with a bunch of other files like f.e /etc/hosts. I made sure this file gets copied from
the master with the right permissions:
$(configpath)/generic/hosts dest=/etc/hosts
    owner=root
    group=root
    mode=644
    type=checksum
    backup=false
    server=$(masterhost)
I have no idea where the 600 permission comes from for /etc/hosts or 755 for /var/cfengine or any of the others. Funny enough,
some perms just stay the way they were set and I can't figure out how they differ from the others.
I don't see anything in update.conf that sets permissions on /var/cfengine or anything.
Here is my update.conf:
control:
    smtpserver = ( smtp1.domain.net )
    sysadm = ( [EMAIL PROTECTED] )
    actionsequence = ( copy tidy )
    ChecksumDatabase = ( /var/cfengine/cfdb )
    ChecksumUpdates = ( true )
    domain = ( idf.net )
    workdir = ( /var/cfengine )
    policyhost = ( x.x.x.x )
    master_cfinput = ( /usr/local/cfengine/masterfiles/configs/cfengine )
    cf_install_dir_el3 = ( /usr/local/cfengine/masterfiles/binaries/el3 )
    cf_install_dir_el4 = ( /usr/local/cfengine/masterfiles/binaries/el4 )
copy:
    $(master_cfinput)/update.conf dest=$(workdir)/inputs/update.conf
        mode=644
        type=binary
        server=$(policyhost)
    $(master_cfinput)/cfagent.conf dest=$(workdir)/inputs/cfagent.conf
        mode=644
        type=binary
        server=$(policyhost)
  redhat_es_3::
    $(cf_install_dir_el3)/cfagent dest=$(workdir)/bin/cfagent
        mode=755
        type=checksum
        server=$(policyhost)
    $(cf_install_dir_el3)/cfservd dest=$(workdir)/bin/cfservd
        mode=755
        type=checksum
        server=$(policyhost)
    $(cf_install_dir_el3)/cfexecd dest=$(workdir)/bin/cfexecd
        mode=755
        type=checksum
        server=$(policyhost)
    $(cf_install_dir_el3)/cfenvd dest=$(workdir)/bin/cfenvd
        mode=755
        type=checksum
        server=$(policyhost)
  redhat_es_4::
    $(cf_install_dir_el4)/cfagent dest=$(workdir)/bin/cfagent
        mode=755
        type=checksum
        server=$(policyhost)
    $(cf_install_dir_el4)/cfservd dest=$(workdir)/bin/cfservd
        mode=755
        type=checksum
        server=$(policyhost)
    $(cf_install_dir_el4)/cfexecd dest=$(workdir)/bin/cfexecd
        mode=755
        type=checksum
        server=$(policyhost)
    $(cf_install_dir_el4)/cfenvd dest=$(workdir)/bin/cfenvd
        mode=755
        type=checksum
        server=$(policyhost)
tidy:
    $(workdir)/outputs pattern=*
        age=7
Yet it appears that this update.conf changes a bunch of permissions that cfagent then has to fix again.
I could just turn off the inform flag but this is really bugging me. Is it one of those things where I totally didn't grasp
the concept of cfengine and I'm using it the wrong way? I wouldn't think so since it has been working very well for me
otherwise and I really appreciate it as a tool. Can anyone give me a hint?
Thx
Alex
--
stucky
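
Added example (not part of the original post, and not cfengine code): a small Python script that reads the inform output of several cfagent runs and lists objects corrected from the same mode more than once, the pattern described in the post. It also shows which permission bits were granted between runs beyond what the policy allows. The function names and the /etc/motd sample line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Matches the inform line format shown in the post above.
PERM_LINE = re.compile(
    r"Object (?P<path>\S+) had permission (?P<had>[0-7]{3,4}), "
    r"changed it to (?P<want>[0-7]{3,4})"
)

def parse_run(output):
    """Return {path: (had, want)} for one cfagent run's inform output."""
    changes = {}
    for line in output.splitlines():
        m = PERM_LINE.search(line)
        if m:
            changes[m["path"]] = (int(m["had"], 8), int(m["want"], 8))
    return changes

def find_flapping(runs, min_runs=2):
    """Report paths corrected from the same mode in at least min_runs runs.

    A one-off correction is drift; the same (had, want) pair recurring
    means something resets the mode between runs.
    """
    seen = defaultdict(int)
    for output in runs:
        for path, pair in parse_run(output).items():
            seen[(path, pair)] += 1
    report = []
    for (path, (had, want)), count in sorted(seen.items()):
        if count >= min_runs:
            # Bits granted between runs that the policy does not allow.
            excess = had & ~want
            report.append((path, oct(had), oct(want), oct(excess), count))
    return report

# Constructed sample: two hourly runs modelled on the output in the post,
# plus a one-off change (/etc/motd is a made-up path) in the second run.
RUN_1 = """cfengine:cfengine: Object /var/cfengine had permission 755, changed it to 700
cfengine:cfengine: Object /etc/hosts had permission 600, changed it to 644"""
RUN_2 = RUN_1 + """
cfengine:cfengine: Object /etc/motd had permission 600, changed it to 644"""

if __name__ == "__main__":
    for row in find_flapping([RUN_1, RUN_2]):
        print("%s: %s -> %s, excess bits %s, seen in %d runs" % row)
```

For /var/cfengine the excess bits are 055: group and others could read and traverse the directory between the update run and the next cfagent run. For /etc/hosts the intermediate mode 600 is stricter than the policy, so the excess is 0.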
