bug-cfengine

cfengine + solaris + ACLs


From: Bob Smith
Subject: cfengine + solaris + ACLs
Date: Tue, 28 Oct 2003 15:18:24 -0800


on solaris 9 using cfengine 2.0.8p1 i am trying to set an ACL on a directory. what seems odd is that cfengine seems to be setting the ACL, then switching UIDs to the owner of the directory, then can't update its internal files because it doesn't have access. i'm not sure why cfengine is changing users, root should be able to modify ACLs. i'm also not sure why it's trying to change its internal files as this other user.




the dir i'm trying to set the ACL on:

bosch:bsmith[42] ~cm...cfengine/inputs > ls -lad /export/home/app
drwx------+  4 app      app          512 Oct 10 10:30 /export/home/app/




my cfagent.conf contains:

acl:
 {     dir_strict_plus_sysadmin
       method:overwrite
       fstype:solaris
       user:*:=rwx
       group:*:noaccess
       group:sysadmin:=rx
       other:*:noaccess
       mask:*:=rx
 }

files:
   /export/home/app mode=0700 owner=app group=app action=fixdirs
       acl=dir_strict_plus_sysadmin




which produces the following output:

cfengine:bosch: Checking fs-object /export/home/app
CheckExistingFile(+700,-7077)
IgnoredOrExcluded(/export/home/app)
FileObjectFilter(/export/home/app)
Directory...fixing x bits
CheckOwner: 2147483006
uid 2147483006
CheckACLs(/export/home/app)
ACL method (overwrite/append) = o on /export/home/app
Old acl has 5 entries and is:
a_type = 1,    a_id = 2147483006,      a_perm = 7
a_type = 4,    a_id = 2147483006,      a_perm = 0
a_type = 8,    a_id = 14,      a_perm = 5
a_type = 10,   a_id = 0,       a_perm = 0
a_type = 20,   a_id = 0,       a_perm = 0
method = o
cfengine:bosch: Mode ==rwx, name=, type=user
cfengine:bosch: Added ACL entry 0: type = 1, id = 2147483006, perm = 7
cfengine:bosch: Mode =noaccess, name=, type=group
cfengine:bosch: Added ACL entry 1: type = 4, id = 2147483006, perm = 0
cfengine:bosch: Mode ==rx, name=sysadmin, type=group
cfengine:bosch: Added ACL entry 2: type = 8,    id = 14,        perm = 5
cfengine:bosch: Mode =noaccess, name=, type=other
cfengine:bosch: Added ACL entry 3: type = 20,   id = 0, perm = 0
cfengine:bosch: Mode ==rx, name=, type=mask
cfengine:bosch: Added ACL entry 4: type = 10,   id = 0, perm = 5
new acl has 5 entries and is:
a_type = 1,     a_id = 2147483006,      a_perm = 7
a_type = 4,     a_id = 2147483006,      a_perm = 0
a_type = 8,     a_id = 14,      a_perm = 5
a_type = 10,    a_id = 0,       a_perm = 5
a_type = 20,    a_id = 0,       a_perm = 0
setting acl of /export/home/app with 5 acl-entries
Changing effective uid to 2147483006
effective uid now 2147483006
now the correct uid to manage acl of /export/home/app
File okay, newperm = 700, stat = 700
ReleaseCurrentLock(lock.cfagent_conf.bosch.files._export_home_app_700_7077_2147483006)
cfengine:bosch: Couldn't open lock database /var/cfengine/cfengine_lock_db
cfengine:bosch: db_open: Permission denied
Unable to delete lock [lock.cfagent_conf.bosch.files._export_home_app_700_7077_2147483006]: Invalid argument
PutLock(last.cfagent_conf.100.bosch.files._export_home_app_700_7077_2147483006)
LockLog(Lock removed normally )
cfengine:bosch: Can't open lock-log file /var/cfengine/cfengine.bosch.runlog
cfengine:bosch: fopen: Permission denied
cfengine:bosch:./cf.solaris:
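
Added example (not part of the original message and not cfengine code): a small decoder for the "Old acl" / "new acl" dumps in the debug output above, to show which entries the overwrite actually changed. It assumes the a_type values are the hex entry types from Solaris <sys/acl.h>, which matches the log (type=mask is printed as 10, type=other as 20); the function names are hypothetical.

```python
import re

# Assumption: a_type is printed in hex and uses the Solaris <sys/acl.h> entry types.
ACL_TYPES = {0x01: "user (owner)", 0x02: "user (named)", 0x04: "group (owning)",
             0x08: "group (named)", 0x10: "mask", 0x20: "other"}

# Sample input: the two ACL dumps copied from the debug output in the message.
SAMPLE = """\
Old acl has 5 entries and is:
a_type = 1,    a_id = 2147483006,      a_perm = 7
a_type = 4,    a_id = 2147483006,      a_perm = 0
a_type = 8,    a_id = 14,      a_perm = 5
a_type = 10,   a_id = 0,       a_perm = 0
a_type = 20,   a_id = 0,       a_perm = 0
new acl has 5 entries and is:
a_type = 1,     a_id = 2147483006,      a_perm = 7
a_type = 4,     a_id = 2147483006,      a_perm = 0
a_type = 8,     a_id = 14,      a_perm = 5
a_type = 10,    a_id = 0,       a_perm = 5
a_type = 20,    a_id = 0,       a_perm = 0
"""
ENTRY = re.compile(r"a_type = ([0-9a-f]+),\s*a_id = (\d+),\s*a_perm = ([0-7])")

def parse_acls(text):
    """Return {'old': {(type, id): perm}, 'new': {...}} from the debug output."""
    acls, current = {}, None
    for line in text.splitlines():
        head = re.match(r"(old|new) acl has \d+ entries", line, re.I)
        entry = ENTRY.search(line)
        if head:
            current = acls.setdefault(head.group(1).lower(), {})
        elif entry and current is not None:
            current[(int(entry[1], 16), int(entry[2]))] = int(entry[3])
    return acls

def rwx(perm):
    return "".join(c if perm & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def diff_acls(old, new):
    """Return (entry type, id, old perm, new perm) for each entry that differs."""
    fmt = lambda p: None if p is None else rwx(p)
    return [(ACL_TYPES.get(t, hex(t)), i, fmt(old.get((t, i))), fmt(new.get((t, i))))
            for t, i in sorted(set(old) | set(new))
            if old.get((t, i)) != new.get((t, i))]

if __name__ == "__main__":
    parsed = parse_acls(SAMPLE)
    print(diff_acls(parsed["old"], parsed["new"]))
```

On the logged run the only entry that differs is the mask, which goes from --- to r-x.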
