On Tue, 2006-03-21 at 16:36 -0800, stucky wrote:
> I'd say it is improper behaviour considering that I might wanna know
> when permissions on such a file have changed without
> getting email alerts every hour cause cfagent itself sets them to 600
> and then to 644. I don't wanna know that so I have to turn the inform
> flag off. However, if someone just messes with /etc/hosts permission
> I'd like to know hence the inform flag.
>
> Wouldn't it make more sense if cfagent read the 'mode' directive from
> the copy: statement first and then set the permission
> of /etc/hosts.cfnew to that. This way when it moves /etc/hosts.cfnew
> to /etc/hosts it already has the correct permissions.

But what if the user has asked for the file to be more protected than the original permissions -- then there would be a window in which the file was available to others. That would be a security breach.
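
The ordering both messages are concerned with, as an added example (not cfagent's code and not part of the original thread): the staging file is created owner-only, receives the requested mode before the rename, and the destination is only ever seen with that mode. `install_file` and the temporary path are hypothetical names; only the `.cfnew` suffix comes from the thread.

```python
import os
import stat


def install_file(data: bytes, dest: str, mode: int) -> dict:
    """Replace dest with data; return the permission bits seen at each stage."""
    staging = dest + ".cfnew"  # staging suffix as named in the thread
    seen = {}
    # Create owner-only. O_EXCL refuses a staging file or symlink that
    # already exists, so nobody else can pre-create it with looser bits.
    fd = os.open(staging, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as f:
            seen["created"] = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
            f.write(data)
            f.flush()
            # Apply the requested mode only once the content is complete,
            # and before the rename, so dest never changes mode afterwards.
            os.fchmod(f.fileno(), mode)
            os.fsync(f.fileno())
        seen["staged"] = stat.S_IMODE(os.stat(staging).st_mode)
        os.replace(staging, dest)  # atomic within one filesystem
    except BaseException:
        if os.path.lexists(staging):
            os.unlink(staging)
        raise
    seen["final"] = stat.S_IMODE(os.stat(dest).st_mode)
    return seen


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "hosts")  # constructed stand-in for /etc/hosts
        for mode in (0o644, 0o600):
            print(oct(mode), install_file(b"127.0.0.1 localhost\n", dest, mode))
```

Group and other bits appear on the staging file only if the requested mode contains them, and a permission monitor on the destination sees a single mode rather than 600 followed by 644.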