Re: denied access to /var/lib/cfengine3/masterfiles/conf/sshd_config

Fri, 11 Feb 2011 15:33:51 -0800 

Hi Sandra,

Le 12/02/2011 00:06, Sandra Wittenbrock a écrit :
> I'm trying to copy a file from the policy host.  The key exchange 
> appears to be successful, and a "matching rule" is found in the access 
> list.  The file had read permissions.  I'm not sure why access is denied.
> 
> Regrads,
> Sandra
> 
> f3 Received: [CAUTH 255.3.30.102 esg.  root 0] on socket 6
> cf3 Allowing 255.3.30.102 to connect without (re)checking ID
> cf3 Non-verified Host ID is esg.  (Using skipverify)
> cf3 Non-verified User ID seems to be root (Using skipverify)
> cf3 LastSaw host esg.  now
> cf3 Received: [SAUTH y 256 37] on socket 6
> cf3 Loaded /var/lib/cfengine3/ppkeys/root-255.3.30.102.pub
> cf3 A public key was already known from esg. /255.3.30.102 - no trust 
> required
> cf3 Adding IP 255.3.30.102 to SkipVerify - no need to check this if we 
> have a key
> cf3 The public key identity was confirmed as root@esg.
> cf3 Strong authentication of client esg. /255.3.30.102 achieved
> cf3 Received: [SYNCH 1297465274 STAT 
> /var/lib/cfengine3/masterfiles/cf-failsafe.sh] on socket 6
> cf3 Found a matching rule in access list 
> (/var/lib/cfengine3/masterfiles/cf-failsafe.sh in 
> /var/lib/cfengine3/masterfiles)
> cf3 No root privileges granted
> cf3 Host esg.  denied access to 
> /var/lib/cfengine3/masterfiles/cf-failsafe.sh
> cf3 From (host=esg. ,user=root,ip=255.3.30.102)
> cf3 ID from connecting host: (SYNCH 1297465274 STAT 
> /var/lib/cfengine3/masterfiles/cf-failsafe.sh)

Do you have access_rules defined for that server? Something like:

bundle server access_rules()
{
access:
  "/home/mark/LapTop"
    admit   => { "255.3.30.102" };
}

Hope this helps,
Jonathan
-- 
==========================================
Jonathan CLARKE
------------------------------------------
Normation
44 rue Cauchy, 94110 Arcueil, France
------------------------------------------
Telephone:  +33 (0)1 83 62 41 24
------------------------------------------
Web:        http://www.normation.com/
==========================================
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine

Reply via email to