Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-3061

move_obstructions causes the agent to emit erroneous error messages when files are moved out of the way where directories should exist

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: (None)
    • Resolution: Unresolved
    • Affects Version/s: 3.12.2
    • Fix Version/s: None
    • Labels:
      None

      Description

      When a list of directories is promised with move_obstructions plain files are successfully moved out of the way but an error is emitted indicating that the directory could not be created because a file exists.

          info: Moving obstructing file/link /tmp/mail/mbox1 to /tmp/mail/mbox1.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox1/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
      

      Testing

      synthesis of the users policy

      mkdir -p /tmp/mail/ 
      rm -rf /tmp/mail/*  
      touch /tmp/mail/mbox1 /tmp/mail/mbox2 /tmp/mail/mbox3
      ls /tmp/mail
      
      mbox1
      mbox2
      mbox3

      Policy:

      bundle agent example
      {
       vars:
            "files_or_dirs"
              slist => findfiles( "/tmp/mail/*" );
      
        reports:
            "$(files_or_dirs)";
      
        files:
      
            # What's wrong with this?
            "$(files_or_dirs)/"
              create => "true",
              file_select => plain,
              move_obstructions => "true";
      }
      
      bundle agent __main__
      {
        methods: "example";
      
      }
      

      Output:

          info: Moving obstructing file/link /tmp/mail/mbox1 to /tmp/mail/mbox1.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox1/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
          info: Moving obstructing file/link /tmp/mail/mbox2 to /tmp/mail/mbox2.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox2/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
          info: Moving obstructing file/link /tmp/mail/mbox3 to /tmp/mail/mbox3.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox3/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
      R: /tmp/mail/mbox1
      R: /tmp/mail/mbox2
      R: /tmp/mail/mbox3
          info: Moving obstructing file/link /tmp/mail/mbox1.cf-moved to /tmp/mail/mbox1.cf-moved.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox1.cf-moved/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
          info: Moving obstructing file/link /tmp/mail/mbox2.cf-moved to /tmp/mail/mbox2.cf-moved.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox2.cf-moved/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
          info: Moving obstructing file/link /tmp/mail/mbox3.cf-moved to /tmp/mail/mbox3.cf-moved.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox3.cf-moved/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
      R: /tmp/mail/mbox1.cf-moved
      R: /tmp/mail/mbox2.cf-moved
      R: /tmp/mail/mbox3.cf-moved
          info: Moving obstructing file/link /tmp/mail/mbox1.cf-moved.cf-moved to /tmp/mail/mbox1.cf-moved.cf-moved.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox1.cf-moved.cf-moved/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
          info: Moving obstructing file/link /tmp/mail/mbox2.cf-moved.cf-moved to /tmp/mail/mbox2.cf-moved.cf-moved.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox2.cf-moved.cf-moved/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
          info: Moving obstructing file/link /tmp/mail/mbox3.cf-moved.cf-moved to /tmp/mail/mbox3.cf-moved.cf-moved.cf-moved to make directory
         error: Error creating file '/tmp/mail/mbox3.cf-moved.cf-moved/', mode '0600'. (open: 'File exists'). Most likely a dangling symlink is in the way. Refusing to create the target file of dangling symlink (security risk).
      R: /tmp/mail/mbox1.cf-moved.cf-moved
      R: /tmp/mail/mbox2.cf-moved.cf-moved
      R: /tmp/mail/mbox3.cf-moved.cf-moved
         error: Method 'example' failed in some repairs
      

      Why do I get these nasty errors?

      When the policy runs, the plain files are moved out of the way to -moved suffixed files because move_obstructions is enabled. The ERROR seems to be a bug. We can see that the directories we expect to exist, do exist in the end. The plain files, keep getting renamed to have extra -moved suffix on each pass.

      find /tmp/mail -type f
      
      /tmp/mail/mbox3.cf-moved.cf-moved.cf-moved
      /tmp/mail/mbox1.cf-moved.cf-moved.cf-moved
      /tmp/mail/mbox2.cf-moved.cf-moved.cf-moved
      find /tmp/mail -type d
      
      /tmp/mail
      /tmp/mail/mbox1.cf-moved
      /tmp/mail/mbox2.cf-moved.cf-moved
      /tmp/mail/mbox2.cf-moved
      /tmp/mail/mbox3.cf-moved.cf-moved
      /tmp/mail/mbox1
      /tmp/mail/mbox1.cf-moved.cf-moved
      /tmp/mail/mbox3.cf-moved
      /tmp/mail/mbox2
      /tmp/mail/mbox3
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                a10042 Nick Anderson
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Summary Panel