bug-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cfengine removes "too much" file-permissions (patch included)

From: Martin Jost
Subject: cfengine removes "too much" file-permissions (patch included)
Date: Thu, 07 Mar 2002 12:54:07 +0100 
Hello,

this is based on cfengine2.0.b4.
cfengine sometime removes permissions on files, which it shouldn't:

Example:
Before:
-rwxrwxrwx    1 jost     users           0  6. März 18:34 dummy


Example1: (in cfagent.conf)
      /home/jost/cfengine/dummy         mode=ug=rx owner=jost group=users
action=fixplain

After: (ok)
-r-xr-x---    1 jost     users           0  6. März 18:34 dummy


Example2:
- cfagent.conf
      /home/jost/cfengine/dummy         mode=ug=r,o=x owner=jost
group=users action=fixplain

cfagent -v
...
Checking file(s) in /home/jost/cfengine/dummy
cfengine:lasagne: /home/jost/cfengine/dummy had permission 777,
changed it to 0

After: (Oops !)
----------    1 jost     users           0  6. März 18:34 dummy


My cvs log entry:
Symbolic Mode with more than one '=' got wrong results
("u=rwx,og=rx" would wipe out all permission-bits, see below)

SetMask() now takes an additional argument 'affected' carrying a
bit-mask
of the affected bits.
This is needed to get the '='-case right. Only the _not_ affected bits
may be added to 'minus' (*m).
Without this wrong bits are cleared.
E.g. 'mode=u=rwx,go=rw' will wipe out all (!) bits.
("----------")
[u=rwx would give (only looking at the lower 9 bits)
'value=700' thus ~value=077;
go=rw would give 'value=055' thus ~value=722;
Both '~value's ored together would yield '777' for minus -> all bits
dead]

I sent in a patch concerning this previous; it seems, that part of my
patch has  made it in 2.0b4.
(setting of "affected" for the symbolic modes) But is incomplete and
thus doesn't work

In addition:
"affected" set for numerical chmods too
SetMask() takes an additional argument 'affected' carrying a bit-mask
of the affected bits.
(Same change in prototypes.h)

The patch is attached to this message.
(Apply in cfengine...-Dir with 'patch -p1 < mode_patch')

Martin
Index: cfengine/src/modes.c
diff -c cfengine/src/modes.c:1.1.1.3 cfengine/src/modes.c:1.1.1.3.2.1
*** cfengine/src/modes.c:1.1.1.3        Wed Mar  6 12:37:22 2002
--- cfengine/src/modes.c        Wed Mar  6 19:10:55 2002
***************
*** 110,116 ****
--- 110,125 ----
        case '5':
        case '6':
        case '7': state = which;
+               affected = 07777; /* TODO: Hard-coded; see below */
                  sscanf(sp,"%o",&value);
+               if (value > 07777) /* TODO: Hardcoded !
+                                     Is this correct for all sorts of Unix ?
+                                     What about NT ?
+                                     Any (POSIX)-constants ??
+                                  */
+                    {
+                  yyerror("Mode-Value too big !\n");
+                    }
                  while (isdigit((int)*sp) && (*sp != '\0'))
                   {
                     sp++;
***************
*** 119,125 ****
                  break;

        case ',':
!                 SetMask(action,value,plusmask,minusmask);
                  action = '=';
                  affected = 0;
                  value = 0;
--- 128,134 ----
                  break;

        case ',':
!                 SetMask(action,value,affected,plusmask,minusmask);
                  action = '=';
                  affected = 0;
                  value = 0;
***************
*** 136,142 ****
                           }
                     }

!                 SetMask(action,value,plusmask,minusmask);
                  Debug1("[PLUS=%o][MINUS=%o]\n",*plusmask,*minusmask);
                  return;

--- 145,151 ----
                           }
                     }

!                 SetMask(action,value,affected,plusmask,minusmask);
                  Debug1("[PLUS=%o][MINUS=%o]\n",*plusmask,*minusmask);
                  return;

***************
*** 166,179 ****

  /*********************************************************/

! void SetMask(action,value,p,m)

  char action;
! int value;
  mode_t *p,*m;

  {
! Debug1("SetMask(%c%o)\n",action,value);

  switch(action)
     {
--- 175,188 ----

  /*********************************************************/

! void SetMask(action,value,affected,p,m)

  char action;
! int value, affected;
  mode_t *p,*m;

  {
! Debug1("SetMask(%c%o,%o)\n",action,value,affected);

  switch(action)
     {
***************
*** 187,193 ****
               return;
     case '=':
               *p |= value;
!              *m |= (~value) & 07777;
               return;
     default:
               sprintf(VBUFF,"Mode directive %c is unknown",action);
--- 196,202 ----
               return;
     case '=':
               *p |= value;
!              *m |= ((~value) & 07777 & affected);
               return;
     default:
               sprintf(VBUFF,"Mode directive %c is unknown",action);
Index: cfengine/src/prototypes.h
diff -c cfengine/src/prototypes.h:1.1.1.3 cfengine/src/prototypes.h:1.1.1.3.2.1
*** cfengine/src/prototypes.h:1.1.1.3   Wed Mar  6 12:37:23 2002
--- cfengine/src/prototypes.h   Wed Mar  6 19:11:53 2002
***************
*** 602,608 ****

  void ParseModeString ARGLIST((char *modestring, mode_t *plusmask, mode_t 
*minusmask));
  void CheckModeState ARGLIST((enum modestate stateA, int stateB, char ch));
! void SetMask ARGLIST((char action, int value, mode_t *p, mode_t *m));

  /* mount.c */

--- 602,608 ----

  void ParseModeString ARGLIST((char *modestring, mode_t *plusmask, mode_t 
*minusmask));
  void CheckModeState ARGLIST((enum modestate stateA, int stateB, char ch));
! void SetMask ARGLIST((char action, int value, int affected, mode_t *p, mode_t 
*m));

  /* mount.c */
reply via email to
[Prev in Thread] Current Thread [Next in Thread]