[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Cfservd wants physical paths
From: |
Robert Cantu |
Subject: |
Cfservd wants physical paths |
Date: |
Fri, 14 Nov 2003 16:16:40 -0600 |
I'm having trouble with cfservd allowing a host to copy a file from the
server where the file resides in a directory that has at least one
symlink in it's path.
Example:
cfservd.conf
...
grant:
/var/cfengine/inputs <ip list>
encrypt=true
/var/cfengine/inputs is a symlink to somewhere else, let's say,
/usr/local/foo, which is also a symlink for /usr/local/bar. cfagent
running on the client machine connects and gets all the trusted keys
right, but it still says "Host authentication failed. Did you forget
the domain name?" when it hits the copy in update.conf. Back on the
server machine, with the Syslog = ( on ), cfservd logs the following
for the relevant request for copying cfagent.conf:
Nov 14 16:05:14 server cfservd[22716]: From (host=client.bar.com
user=root,ip=192.168.20.40)
Nov 14 16:05:14 server cfservd[22716]: ID from connecting host: (SYNCH
1068804314 STAT /var/cfengine/inputs/cfservd.conf)
Nov 14 16:05:14 server cfservd[22716]: Host client.bar.com denied
access to /usr/local/bar/cfagent.conf
Nov 14 16:05:14 server cfservd[22716]: Host
authorization/authentication failed or access denied
It seems that cfservd wants the absolute physical path (much like pwd
-P in bash). When I use the physical path in the grant section instead
of /var/cfengine/inputs, the cfagent doesn't even get access to try to
copy since it's requesting /var/cfengine/inputs/cfagent.conf, but it's
not in the grant: section. The only way I've gotten this to work is to
have grant: for both /var/cfengine/inputs and /usr/local/bar.
Is there any way to have cfservd not care about symlinks in the
admit|grant sections? Please CC my email so that I can view replys,
thanks.
Robert Cantu
robert@artistictech.net
- Cfservd wants physical paths,
Robert Cantu <=