permission on certain files/dirs keep getting overwritten
From:
stucky
Subject:
permission on certain files/dirs keep getting overwritten
Date:
Thu, 16 Mar 2006 15:14:36 -0800
guys
First of all - contrats on a fabulous product !! I love it and embrace it !!
Of course, there are little things here and there I don't quite get yet and here is one of them:
I have a bunch of files: directives to make sure permissions are ok f.e.
YES i have inform set to true cause those perms shouldn't change and i wanna know if they do.
Because of that inform flag I receive an email every hour that the permission of that dir was changed from 755 to 700.
I was amazed first how this can happen till I realized that it's cfagent itself that changes the perm back to 755
during the update.conf phase and immediately back to 700 during the cfagent phase. Question is why ?
1. Permissions are fine:
[root@cfengine stucky]# ls -l /var/
total 160
drwxr-xr-x 2 root root 4096 Jul 8 2005 account
drwxr-xr-x 6 root root 4096 Dec 7 18:58 cache
drwx------ 9 root root 4096 Mar 15 23:39 cfengine
2. I run JUST the update phase of cfagent and the perm get set to 755:
[root@cfengine stucky]# /var/cfengine/bin/cfagent -If /var/cfengine/inputs/update.conf
[root@cfengine stucky]# ls -l /var/
total 160
drwxr-xr-x 2 root root 4096 Jul 8 2005 account
drwxr-xr-x 6 root root 4096 Dec 7 18:58 cache
drwxr-xr-x 9 root root 4096 Mar 15 23:39 cfengine
3. Of course cfagent now has to fix that again:
[root@cfengine stucky]# /var/cfengine/bin/cfagent -I --no-lock --no-splay
cfengine:cfengine: 5 processes matched sshd (should be <=4)
cfengine:cfengine: Object /var/cfengine had permission 755, changed it to 700
cfengine:cfengine: Update of image /etc/profile from master /usr/local/cfengine/masterfiles/configs/generic/profile on x.x.x.x
cfengine:cfengine: Object /etc/profile had permission 600, changed it to 644
cfengine:cfengine: Update of image /etc/hosts from master /usr/local/cfengine/masterfiles/configs/generic/hosts on x.x.x.x
cfengine:cfengine: Object /etc/hosts had permission 600, changed it to 644
As you can see this also happens with a bunch of other files like f.e /etc/hosts. I made sure this file gets copied from
the master with the right permissions:
I have no idea where the 600 permission comes from for /etc/hosts or 755 for /var/cfengine or any of the others. Funny enough,
some perms just stay the way they were set and I can't figure out how they differ from the others.
I don't see anything in update.conf that sets permissions on /var/cfengine or anything.
Yet it appears that this update.conf changes a bunch of permissions that cfagent then has to fix again.
I could just turn off the inform flag but this is really bugging me. Is is one of those things where I totally didn't grasp
the concept of cfengine and I'm using it the wrong way ? I wouldnt' think so since it has been working very well for me
otherwise and I really appreciate it as a tool. Can anyone give me a hint ?
Thx
Alex
-- stucky
[Prev in Thread]
Current Thread
[Next in Thread]
permission on certain files/dirs keep getting overwritten,
stucky<=