I'll add the uid to the error message t make it clearer
Ingersoll, Robert wrote:
> maryann:/home/root# cat test.cf
> body common control
> {
> bundlesequence => {"main"};
> }
>
> bundle agent main
> {
> files:
> any::
> "/var/opt/ids/alert\.log\.[0-9]{1,2}"
> file_select => "plain",
> transformer => "/bin/compress -f $(this.promiser)";
> }
>
> body file_select plain
> {
> file_types => { "plain" };
> file_result => "file_types";
> }
>
> maryann:/home/root# cf-agent -KI -f ./test.cf
> Directory /var in search path /var/opt/ids/alert\.log\.[0-9]{1,2} is
> controlled by another user - trusting its content is potentially risky
> (possible race)
> Promise (version not specified) belongs to bundle 'main' in file
> './test.cf' near line 13
> Directory /var/opt in search path /var/opt/ids/alert\.log\.[0-9]{1,2} is
> controlled by another user - trusting its content is potentially risky
> (possible race)
> Promise (version not specified) belongs to bundle 'main' in file
> './test.cf' near line 13
> Directory /var/opt/ids in search path
> /var/opt/ids/alert\.log\.[0-9]{1,2} is controlled by another user -
> trusting its content is potentially risky (possible race)
> Promise (version not specified) belongs to bundle 'main' in file
> './test.cf' near line 13
> Transforming: /bin/compress -f /var/opt/ids/alert.log.1
> Transformer /var/opt/ids/alert.log.1 => /bin/compress -f
> /var/opt/ids/alert.log.1 seemed ok
>
> I do not understand how this is a "recursive" search or how to eliminate
> the warning.
>
> -----Original Message-----
> From: nwat...@symcor.com [mailto:nwat...@symcor.com]
> Sent: Wed 2/24/2010 11:07 AM
> To: Mark Burgess
> Cc: help-cfengine@cfengine.org; help-cfengine-boun...@cfengine.org;
> Ingersoll, Robert
> Subject: Re: Directory is controlled by another user - trusting its
> contentispotentially risky (possible race)
>
> help-cfengine-boun...@cfengine.org wrote on 2010-02-24 11:00:34:
>
>>
>> It means you are doing a recursive search that changes something, as
> root.
>> If you pass through a directory controlled by a non-root user, that user
>> could potentially redirect your changes to another location by
>> linking, hence the warning.
>
> That's very thoughtful. I would guess that Robert will want to use a
> file_select body instead, using file_types to include only plain files.
>
> Sincerely,
> --
> Neil Watson
> 416-673-3465
>
>
> ------------------------------------------------------------------------
>
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. Any review, retransmission, dissemination or other use of, or
> taking of any action in reliance upon, this information by person or
> entities other than the intended recipient is prohibited. If you
> received this in error, please contact the sender and delete the
> material from any computer.
>
> postmas...@stginc.com <mailto:postmas...@stginc.com>
> www.stginc.com <http://www.stginc.com>__
>
--
Mark Burgess
-------------------------------------------------
Professor of Network and System Administration
Oslo University College, Norway
Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-------------------------------------------------
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
