I recently observed a problem with a file promise which assures that a file remain in sync with the network copy and have certain permissions. For purposes of this discussion, I had two policy servers which were having problems which caused slow file transfers and were not quite in sync. The network timeouts caused cf-agent to run too long, so I'd have multiple cf-agent processes running on the same system. This particular file is on a busy web server, and is consulted by each request to the server. Normally, the file update and permission setting happen nearly instantly, so nothing happens. But this time, it appears that the new file was copied down, moved into place, and then the permissions were set several seconds later. My hypothesis is that the chmod caused by the perms promise doesn't happen until after the new file is moved into place, and with multiple (several hundred, by this time) cf-agent processes running, all fighting for locks in the lock database, there was a multi-second delay between the two parts of the promise. And since the servers were not in sync, it was sometimes copying the old file and sometimes copying the new file, so this delay was happening often enough for a web user to hit the web server during that window. The result was a failed web connection, which may or may not have indirectly resulted in data loss.
Is there an easy way to make the permission setting and network file copying a single atomic operation (perhaps set the permissions on the newly-downloaded temp file before doing the rename), or is my only available workaround to set the permissions on the policy server with a "preserve" option in the file copy promise?