maryann:/home/root# cat test.cf
body common control
{
bundlesequence => {"main"};
}
bundle agent main
{
files:
any::
"/var/opt/ids/alert\.log\.[0-9]{1,2}"
file_select => "plain",
transformer => "/bin/compress -f $(this.promiser)";
}
body file_select plain
{
file_types => { "plain" };
file_result => "file_types";
}
maryann:/home/root# cf-agent -KI -f ./test.cf
Directory /var in search path /var/opt/ids/alert\.log\.[0-9]{1,2} is controlled
by another user - trusting its content is potentially risky (possible race)
Promise (version not specified) belongs to bundle 'main' in file './test.cf'
near line 13
Directory /var/opt in search path /var/opt/ids/alert\.log\.[0-9]{1,2} is
controlled by another user - trusting its content is potentially risky
(possible race)
Promise (version not specified) belongs to bundle 'main' in file './test.cf'
near line 13
Directory /var/opt/ids in search path /var/opt/ids/alert\.log\.[0-9]{1,2} is
controlled by another user - trusting its content is potentially risky
(possible race)
Promise (version not specified) belongs to bundle 'main' in file './test.cf'
near line 13
Transforming: /bin/compress -f /var/opt/ids/alert.log.1
Transformer /var/opt/ids/alert.log.1 => /bin/compress -f
/var/opt/ids/alert.log.1 seemed ok
I do not understand how this is a "recursive" search or how to eliminate the
warning.
-----Original Message-----
From: nwat...@symcor.com [mailto:nwat...@symcor.com]
Sent: Wed 2/24/2010 11:07 AM
To: Mark Burgess
Cc: help-cfengine@cfengine.org; help-cfengine-boun...@cfengine.org; Ingersoll,
Robert
Subject: Re: Directory is controlled by another user - trusting its
contentispotentially risky (possible race)
help-cfengine-boun...@cfengine.org wrote on 2010-02-24 11:00:34:
>
> It means you are doing a recursive search that changes something, as
root.
> If you pass through a directory controlled by a non-root user, that user
> could potentially redirect your changes to another location by
> linking, hence the warning.
That's very thoughtful. I would guess that Robert will want to use a
file_select body instead, using file_types to include only plain files.
Sincerely,
--
Neil Watson
416-673-3465
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by person or entities other than the
intended recipient is prohibited. If you received this in error, please
contact the sender and delete the material from any computer.
postmas...@stginc.com
www.stginc.com
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
