Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-3116

Symlink ownership management is inconsistent

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: To Do
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: 3.10.3, 3.14.0
    • Fix Version/s: None
    • Labels:
      None

      Description

      First noticed in Ubuntu 18.04 because we have a promise for /etc/resolv.conf to be owned by root, and on Ubuntu 18.04 that file is a symlink pointing to a file owned by systemd-resolve.

      However, this is a more general bug report.

      root@host:/tmp/test-symlink# ls -l
      total 4
      -rw-r--r-- 1 root            root 146 Aug  7 18:50 test.cf
      -rw-r--r-- 1 systemd-resolve root   0 Aug  7 18:48 thefile
      lrwxrwxrwx 1 systemd-resolve root   7 Aug  7 18:48 thesymlink -> thefile
      root@host:/tmp/test-symlink# cat test.cf
      bundle agent main {
        files:
          any::
            "/tmp/test-symlink/thesymlink"
              perms => root;
      }
      
      body perms root {
        owners => { "root" };
      }
      root@host:/tmp/test-symlink# cf-agent -KIC -f ./test.cf
          info: Owner of '/tmp/test-symlink/thesymlink' was 101, setting to 0
      root@host:/tmp/test-symlink# ls -l
      total 4
      -rw-r--r-- 1 root            root 146 Aug  7 18:50 test.cf
      -rw-r--r-- 1 systemd-resolve root   0 Aug  7 18:48 thefile
      lrwxrwxrwx 1 root            root   7 Aug  7 18:48 thesymlink -> thefile
      root@host:/tmp/test-symlink# cf-agent -KIC -f ./test.cf
          info: Owner of '/tmp/test-symlink/thesymlink' was 101, setting to 0
      root@host:/tmp/test-symlink# ls -l
      total 4
      -rw-r--r-- 1 root            root 146 Aug  7 18:50 test.cf
      -rw-r--r-- 1 systemd-resolve root   0 Aug  7 18:48 thefile
      lrwxrwxrwx 1 root            root   7 Aug  7 18:48 thesymlink -> thefile
      root@host:/tmp/test-symlink#
      
      root@host:/tmp/test-symlink# ls -l
      total 4
      -rw-r--r-- 1 root            root 146 Aug  7 18:50 test.cf
      -rw-r--r-- 1 root            root   0 Aug  7 18:48 thefile
      lrwxrwxrwx 1 systemd-resolve root   7 Aug  7 18:48 thesymlink -> thefile
      root@host:/tmp/test-symlink# cf-agent -KIC -f ./test.cf
      root@host:/tmp/test-symlink# ls -l
      total 4
      -rw-r--r-- 1 root root 146 Aug  7 18:50 test.cf
      -rw-r--r-- 1 root root   0 Aug  7 18:48 thefile
      lrwxrwxrwx 1 root root   7 Aug  7 18:48 thesymlink -> thefile
      root@host:/tmp/test-symlink#
      

      Two problems:

      1. If the owner of the target of the symlink doesn't match the promised owner, a repair will be reported each time in inform mode, but the owner will not actually be changed.
      2. If the owner of the symlink doesn't match the promised owner, it will SILENTLY be changed, with no reporting even in inform mode.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mweilgart Mike Weilgart
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:

                Summary Panel