Hi all, I've run into an issue with "empty_file_before_editing" not emptying the file when it is being edited by CFengine.
I'm trying to achieve the following (based on http://www.cfengine.org/manuals/cf3-solutions.html#Distribute-ssh-keys) * Copy authorized keys from repository * If not present, add them to /root/.ssh/authorized_keys * But: clean out the file before editing to ensure no old keys remain in place The modified file promise looks like this: "/root/.ssh/authorized_keys" comment => "Regenerate authorized_keys for root", perms => mog("644","root","root"), create => "true", edit_defaults => "empty", edit_line => insert_file_if_no_line_matching("$(user)","$(local_cache)/$(user).pub"), action => if_elapsed("60"); I've added "edit_defaults => empty" which expands to a body from the COPB Library: body edit_defaults empty { empty_file_before_editing => "true"; edit_backup => "false"; max_file_size => "100000"; } The result I expected is that the authorized_keys file is emptied, only the missing keys are added. The actual result is that the old keys remain in place, and the new keys are simply added. Am I misunderstanding the effect of 'empty_file_before_editing => "true";', or is there an other error in my logic here? Thanks for your time! Met vriendelijke groet / Kind regards, Ed Voncken. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
