Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-3015

Unstable permissions with copy_from

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Rejected
    • Priority: High
    • Resolution: Done
    • Affects Version/s: 3.14.0
    • Fix Version/s: None
    • Component/s: cf-agent
    • Labels:
      None

      Description

      [root@ole-01 deploy]# cat superhub.cf 
      body file control { inputs => { "$(sys.libdir)/stdlib.cf" }; }
      
      
      bundle agent manage_user
      {
          vars:
              "user"
                  string => "cfdropbox";
              "home"
                  string => "/home/$(user)";
              "create_files"
                  slist => {
                      "$(home)/.",
                      "$(home)/.ssh/.",
                      "$(home)/.ssh/authorized_keys"
                  };
          users:
              "$(user)"
                  policy => "present",
                  home_dir => "$(home)";
          files:
              "$(create_files)"
                  create => "true",
                  perms => mo("600", "$(user)");
              "$(home)/."
                  depth_search => recurse_with_base("inf"),
                  file_select => all,
                  perms => mo("600", "$(user)");
              "$(home)/.ssh/authorized_keys"
                  copy_from => copyfrom_sync("/root/.ssh/id_rsa.pub"),
                  perms => mo("600", "$(user)");
      }
      
      
      bundle agent manage_db
      {
          files:
              "/var/cfengine/state/pg/data/postgresql.conf"
                  edit_line => insert_lines("shared_buffers=1GB");
              "/var/cfengine/state/pg/data/postgresql.conf"
                  edit_line => insert_lines("max_locks_per_transaction=4000");
      }
      
      
      bundle agent __main__
      {
          methods:
              "manage_user" usebundle => manage_user;
              "manage_db" usebundle => manage_db;
      }
      [root@ole-01 deploy]# cf-agent --no-lock -I superhub.cf 
          info: Object '/home/cfdropbox/.ssh/authorized_keys' had permission 0600, changed it to 0644
          info: Object '/home/cfdropbox/.ssh/authorized_keys' had permission 0644, changed it to 0600
      [root@ole-01 deploy]# cf-agent --no-lock -I superhub.cf 
          info: Object '/home/cfdropbox/.ssh/authorized_keys' had permission 0600, changed it to 0644
          info: Object '/home/cfdropbox/.ssh/authorized_keys' had permission 0644, changed it to 0600
      [root@ole-01 deploy]# 

       

      Rejected, workaround provided by Nick:

      body copy_from lsync_without_preserving( file )
      # @brief Synchronize a local file path per copyfrom_sync but not preserving file permissions
      {
              inherit_from => copyfrom_sync( $(file) );
              preserve => "false";
      }

        Attachments

          Activity

            People

            • Assignee:
              olehermanse Ole Herman Schumacher Elgesem
              Reporter:
              olehermanse Ole Herman Schumacher Elgesem
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Summary Panel