Re: anyone tried being *very* explicit with respect to file permissions?
From: Steve Wray
Subject: Re: anyone tried being *very* explicit with respect to file permissions?
Date: Thu, 6 May 2004 13:04:07 +1200
User-agent: KMail/1.6.1

On Thursday 06 May 2004 11:59, Mike wrote:
> Given a golden machine write a script that captures the ownership
> and permissions of all files in /etc, /var, and /usr. Using that
> script generate a files.cf file specifying the files: stanza
> and an entry for every file on the golden system. Then run that
> files.cf file each night to verify that all files are what they
> should be.
>
> This seems like a slow way to force all files to be the correct
> ownership and permissions. Is there another way given that the
> files in /etc have different owners and groups?

I am currently working on an integration of cfengine and subversion (see
http://subversion.tigris.org/).

Subversion's file properties can be used to preserve data on uid, gid,
modes et al.; however, it doesn't come with this support out of the box.
It also doesn't cope with symlinks.

What I am testing at the moment is a cfengine setup which runs an svn
update into a local working copy, refers to the svn properties on files
& directories and sets them accordingly on the working copy, runs some
cfengine editfiles commands to localise the working copy and then
copies the working copy over to /etc.

The remote working copy (on the gold server) has its svn properties set
by a similar script, deriving them from the actual file ownerships and
permissions.

These run as a wrapper for svn, so every time one uses the wrapper to svn
commit or svn update the properties are inspected and set. Takes a
while though. If none of these properties have changed it's faster to
use the regular svn.

The only thing I am (currently) not handling with subversion is symlinks,
and for these I run a script which finds symlinks and creates a
cf.links file. Something like this:

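#!/bin/bash
# Start the cfengine links: section, then add one "link -> target" entry
# per symlink found under the current directory.
echo "links:" > cfengine/links.cf
# Replace every %20 (not just the first on a line) with cfengine's $(spc).
find . -type l -printf "/etc/%P -> %l\n" \
    | sed -e 's/%20/\$\(spc\)/g' >> cfengine/links.cf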
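
The capture-and-verify step discussed in this thread (record ownership and modes on the golden copy, then check a tree against that record), as an added example that is not part of the original post or of cfengine. The function names `capture_perms` and `verify_perms` and the tab-separated manifest format are assumptions of this example; it relies on GNU find's `-printf`, as the script above does.

```bash
#!/bin/bash
# Added example (not from the original post). Manifest line format, chosen
# for this example: mode<TAB>owner<TAB>group<TAB>path-relative-to-root.
# Symlinks are skipped; names containing tabs or newlines are unsupported.
TAB=$(printf '\t')

# capture_perms ROOT -> manifest on stdout, sorted by path for stable diffs
capture_perms() (
    cd "$1" || exit 1
    find . -mindepth 1 ! -type l -printf '%m\t%u\t%g\t%P\n' |
        LC_ALL=C sort -t "$TAB" -k4
)

# verify_perms ROOT MANIFEST -> one line per difference; exit status 1 on drift
verify_perms() {
    capture_perms "$1" | awk -F "$TAB" '
        # First input is the golden manifest: remember what each path should be.
        src == "golden" { want[$4] = $1 " " $2 " " $3; next }
        # Second input is the live tree: compare against the golden record.
        {
            have = $1 " " $2 " " $3
            seen[$4] = 1
            if (!($4 in want)) {
                print "UNEXPECTED " $4 " (" have ")"; bad = 1
            } else if (want[$4] != have) {
                print "DRIFT " $4 ": expected " want[$4] ", found " have; bad = 1
            }
        }
        END {
            for (p in want) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' src=golden "$2" src=current -
}

# Command-line use: "capture ROOT > manifest" or "verify ROOT manifest"
case "${1:-}" in
    capture) capture_perms "$2" ;;
    verify)  verify_perms "$2" "$3" ;;
esac
```

Because the manifest is sorted by path, it can be kept under version control and diffed between captures.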