When a file permissions/ownership promise is set to warn only Cf gives
full information regarding permissions but does not detail what is wrong
with ownership. See below.
[r...@unxxhd01 inputs]# ls -l /tmp/foo
-rw-r--r-- 1 root root 0 Dec 7 14:13 /tmp/foo
!! File /tmp/foo is owned by [root], group [root] <<<<------ Missing
'should be'.
I: Made in version 'not specified' of './bar.cf' near line 18
I: Comment:
!! /tmp/foo has permission 644 - [should be 600]
I: Made in version 'not specified' of './bar.cf' near line 18
I: Comment:
Test case:
######################
body common control {
bundlesequence => { "test" };
}
bundle common g {
classes:
"all" expression => "any";
}
bundle agent test {
files:
any::
"/tmp/foo"
action => warn_now,
perms => system(
"0600",
"nwatson",
"bin"
),
classes => cdefine(
"/tmp/foo_kept",
"/tmp/foo_repaired",
"/tmp/foo_failed"
);
reports:
all::
"/tmp/foo perms correct.",
ifvarclass => canonify("/tmp/foo_kept");
"WARNING: /tmp/foo perms fixed.",
ifvarclass => canonify("/tmp/foo_repaired");
"ALARM: /tmp/foo perms could not be fixed.",
ifvarclass => canonify("/tmp/foo_failed");
}
body classes cdefine (k,r,f){
promise_kept => {canonify("${k}")};
promise_repaired => {canonify("${r}")};
repair_failed => {canonify("${f}")};
}
body perms system(p,u,g) {
mode => "${p}";
owners => { "${u}" };
groups => { "${g}" };
}
body action warn_now{
action_policy => "warn";
log_level => "inform";
background => "true";
}
Sincerely,
--
Neil Watson
416-673-3465
CONFIDENTIALITY WARNING
This communication, including any attachments, is for the exclusive use of
addressee and may contain proprietary and/or confidential information. If you
are not the intended recipient, any use, copying, disclosure, dissemination or
distribution is strictly prohibited. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
communication and destroy all copies.
AVERTISSEMENT RELATIF À LA CONFIDENTIALITÉ
Ce message, ainsi que les pièces qui y sont jointes, est destiné à l’usage
exclusif de la personne à laquelle il s’adresse et peut contenir de
l’information personnelle ou confidentielle. Si le lecteur de ce message n’en
est pas le destinataire, nous l’avisons par la présente que toute diffusion,
distribution, reproduction ou utilisation de son contenu est strictement
interdite. Veuillez avertir sur-le-champ l’expéditeur par retour de courrier
électronique et supprimez ce message ainsi que toutes les pièces jointes.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
