[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cfexecd and chmod($input_dir)
From: |
Will Lowe |
Subject: |
Re: cfexecd and chmod($input_dir) |
Date: |
Tue, 8 Jun 2004 10:30:34 -0700 |
User-agent: |
Mutt/1.5.5.1+cvs20040105i |
It's not a huge issue in my environment -- I just have some error
reporting that parses the outputs/ logs and kept telling me that
directories were changing permissions.
But it does seem like 0700 is a very restricted definition of
"trusted", and it doesn't let the local admin define and enforce local
policies, which is what cfengine is all about.
On Tue, Jun 08, 2004 at 11:47:38AM -0500, Chip Seraphine wrote:
> I have the same problem. I wanted mine to be 1770 in order to allow
> sysadmins
> to set flag files as themselves instead of root (so we could better account
> for who did what), but all it did was fight with the hard coded chmod...
>
> On Saturday 05 June 2004 03:12, Mark.Burgess@iu.hio.no wrote:
> >
> > The directory must be trusted. Why do you care?
> >
> > M
> >
> > On 4 Jun, Will Lowe wrote:
> > > I'm running v 2.1.0p1.
> > >
> > > Why does cfexecd insist on doing chmod($input_dir) whenever it runs?
> > > There's nothing secret in my cfagent configs, so I had update.conf set
> > > to set the input dir to 0755.
> > >
> > > Looks like the code is at line 218 in cfexecd.c:
> > >
> > > snprintf(VBUFF,bufsize,"%s/inputs",WORKDIR);
> > > chmod(VBUFF,0700);
> > > snprintf(VBUFF,bufsize,"%s/outputs",WORKDIR);
> > > chmod(VBUFF,0700);
> > >
> >
> >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
> > Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> >
> >
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://lists.gnu.org/mailman/listinfo/help-cfengine
> >
>
> --
>
> Chip Seraphine
> Unix Administrator
> TradeLink, LLC
> 312-264-2048
> chip@trdlnk.com
>
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
--
thanks,
Will
- cfexecd and chmod($input_dir), Will Lowe, 2004/06/04
- Re: cfexecd and chmod($input_dir), Mark . Burgess, 2004/06/05
- Re: cfexecd and chmod($input_dir), Darrell Fuhriman, 2004/06/05
- Re: cfexecd and chmod($input_dir), Chip Seraphine, 2004/06/08
- Re: cfexecd and chmod($input_dir),
Will Lowe <=
- Re: cfexecd and chmod($input_dir), Mark . Burgess, 2004/06/08
- Re: cfexecd and chmod($input_dir), Luke A. Kanies, 2004/06/08
- Re: cfexecd and chmod($input_dir), Mark . Burgess, 2004/06/09
- Re: cfexecd and chmod($input_dir), Chip Seraphine, 2004/06/09
- Re: cfexecd and chmod($input_dir), Brendan Strejcek, 2004/06/09