Re: cfexecd and chmod($input

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfexecd and chmod($input_dir)

From:	Will Lowe
Subject:	Re: cfexecd and chmod($input_dir)
Date:	Tue, 8 Jun 2004 10:30:34 -0700
User-agent:	Mutt/1.5.5.1+cvs20040105i

It's not a huge issue in my environment -- I just have some error
reporting that parses the outputs/ logs and kept telling me that
directories were changing permissions.

But it does seem like 0700 is a very restricted definition of
"trusted", and it doesn't let the local admin define and enforce local
policies, which is what cfengine is all about.

On Tue, Jun 08, 2004 at 11:47:38AM -0500, Chip Seraphine wrote:
> I have the same problem.  I wanted mine to be 1770 in order to allow 
> sysadmins 
> to set flag files as themselves instead of root (so we could better account 
> for who did what), but all it did was fight with the hard coded chmod...
> 
> On Saturday 05 June 2004 03:12, Mark.Burgess@iu.hio.no wrote:
> > 
> > The directory must be trusted. Why do you care?
> > 
> > M
> > 
> > On  4 Jun, Will Lowe wrote:
> > > I'm running v 2.1.0p1.
> > > 
> > > Why does cfexecd insist on doing chmod($input_dir) whenever it runs?
> > > There's nothing secret in my cfagent configs, so I had update.conf set
> > > to set the input dir to 0755.
> > > 
> > > Looks like the code is at line 218 in cfexecd.c:
> > > 
> > > snprintf(VBUFF,bufsize,"%s/inputs",WORKDIR);
> > > chmod(VBUFF,0700); 
> > > snprintf(VBUFF,bufsize,"%s/outputs",WORKDIR);
> > > chmod(VBUFF,0700);
> > > 
> > 
> > 
> > 
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
> > Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 
> > 
> > 
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://lists.gnu.org/mailman/listinfo/help-cfengine
> > 
> 
> -- 
> 
> Chip Seraphine
> Unix Administrator
> TradeLink, LLC
> 312-264-2048
> chip@trdlnk.com
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine

-- 
                                        thanks,
                
                                        Will

[Prev in Thread]

Current Thread

[Next in Thread]

cfexecd and chmod($input_dir), Will Lowe, 2004/06/04
- Re: cfexecd and chmod($input_dir), Mark . Burgess, 2004/06/05
  - "Warning: Redefinition of macro" etc, Sami J. Mäkinen, 2004/06/05
    - Re: "Warning: Redefinition of macro" etc, Armin Wolfermann, 2004/06/05
    - Re: "Warning: Redefinition of macro" etc, Sami J. Mäkinen, 2004/06/05
  - Re: cfexecd and chmod($input_dir), Darrell Fuhriman, 2004/06/05
    - Re: cfexecd and chmod($input_dir), skaar, 2004/06/06
  - Re: cfexecd and chmod($input_dir), Chip Seraphine, 2004/06/08
    - Re: cfexecd and chmod($input_dir), Will Lowe <=
    - Re: cfexecd and chmod($input_dir), Mark . Burgess, 2004/06/08
    - Re: cfexecd and chmod($input_dir), Luke A. Kanies, 2004/06/08
    - Re: cfexecd and chmod($input_dir), Mark . Burgess, 2004/06/09
    - Re: cfexecd and chmod($input_dir), Chip Seraphine, 2004/06/09
    - Re: cfexecd and chmod($input_dir), Brendan Strejcek, 2004/06/09

Prev by Date: Re: cfexecd and chmod($input_dir)
Next by Date: Re: cfexecd and chmod($input_dir)
Previous by thread: Re: cfexecd and chmod($input_dir)
Next by thread: Re: cfexecd and chmod($input_dir)
Index(es):
- Date
- Thread