[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
cfengine + solaris + ACLs
From: |
Bob Smith |
Subject: |
cfengine + solaris + ACLs |
Date: |
Mon, 27 Oct 2003 18:21:03 -0800 |
on solaris 9 using cfengine 2.0.8p1 i am trying to ensure that the directory
/.ssh matches the following:
bosch:bsmith[117] ~ > getfacl /.ssh
# file: /.ssh
# owner: root
# group: root
user::rwx
group::--- #effective:---
group:sysadmin:r-x #effective:r-x
mask:r-x
other:---
i have tried both:
acl:
{ acl1
method:update
fstype:solaris
group:sysadmin:=rx
}
files:
/.ssh/ mode=0700 owner=root group=root action=fixdirs
acl=acl1
and:
acl:
{ acl2
method:overwrite
fstype:solaris
user:*:=rwx
group:*:noaccess
group:sysadmin:=rx
other:*:noaccess
}
files:
/.ssh/ owner=root group=root action=fixdirs
acl=acl2
however both give the following error, seen when cfagent is run with '-nv'
flags, and fail to correct the permissions:
...
Checking file(s) in /.ssh/
ACL method (overwrite/append) = u on /.ssh/
Old acl has 5 entries and is:
cfengine:bosch: Mode =rwx, name=sysadmin, type=group
cfengine:bosch: Added ACL entry 0: type = 8, id = 14, perm = 7
aclcheck failed
cfengine:bosch: acl: Missing group_obj, user_obj, class_obj, or other_obj
entries.
...
as near as i can tell from the documentation both of the above examples
should produce the desired effect.
any help would be appreciated.
_________________________________________________________________
Concerned that messages may bounce because your Hotmail account has exceeded
its 2MB storage limit? Get Hotmail Extra Storage!
http://join.msn.com/?PAGE=features/es
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- cfengine + solaris + ACLs,
Bob Smith <=