help-cfengine

Re: clarification on use of groups


From: Lev Lvovsky
Subject: Re: clarification on use of groups
Date: Tue, 24 Feb 2004 18:41:56 -0800

The method described below does not work for me...

Below is the very basic cfservd.conf:

----------
control:

  domain = ( domain.com )
  LogAllConnections = ( true )
  AllowUsers = ( root )
  TrustKeysFrom = ( 10.176.110.1/24 )

groups:

  smarthost = ( tsthvy1-smarthost )

admit:
  smarthost::
    /tmp/test *.domain.com
----------


Running cfservd in debug mode, this is the output when parsing the groups section:


----------
Resetting CLASS to ANY

LVALUE smarthost
HandleLVALUE(smarthost) in action Groups:
EQUALS =
LEFTBRACK
RVAL-VAROBJ tsthvy1-smarthost

HandleGroupRvalue(tsthvy1-smarthost)
HandleGroupRVal(tsthvy1-smarthost) group (smarthost), type=0
[No match of class]

RIGHTBRACK

   (No actions pending in Groups:)
InitializeAction()
   (No actions pending in Groups:)
----------

Does the "[no match of class]" indicate some sort of oversight on my part?

When trying to retrieve the file, this is the output from cfservd:

----------
AccessControl(/tmp/test)
AccessControl(/tmp/test,tsthvy1-smarthost.domain.com) encrypt request=1
cfservd access list is empty, no files are visible
cfservd: Host authorization/authentication failed or access denied
Transaction Send[t 114][Packed text]
Attempting to send 122 bytes
SendSocketStream, sent 122
cfservd: From (host=tsthvy1-smarthost.domain.com,user=root,ip=10.176.110.104)
RecvSocketStream(8)
Transmission empty or timed out...
Transaction Receive [][]
RecvSocketStream(0)
cfservd terminating NULL transmission!
Terminating thread...
***Closing socket 5 from 10.176.110.104
Deleted item 10.176.110.104
----------

Again, "cfservd access list is empty, no files are visible" seems suspect...

ANY help would be much appreciated!
-lev



On Feb 24, 2004, at 1:39 PM, Mark.Burgess@iu.hio.no wrote:


Hi - you cannot specify groups in the admit section, but you
can use groups to define classes that can be used to predicate
an admit rule e.g.

groups:

  mygroup = ( +nisgroup )

admit:

 mygroup::

   /file   *.domain




