On 02/11/2011 03:33 PM, Jonathan CLARKE wrote:
> Hi Sandra,
>
> On 12/02/2011 00:06, Sandra Wittenbrock wrote:
>    
>> I'm trying to copy a file from the policy host.  The key exchange
>> appears to be successful, and a "matching rule" is found in the access
>> list.  The file had read permissions.  I'm not sure why access is denied.
>>
>> Regards,
>> Sandra
>>
>> f3 Received: [CAUTH 255.3.30.102 esg.  root 0] on socket 6
>> cf3 Allowing 255.3.30.102 to connect without (re)checking ID
>> cf3 Non-verified Host ID is esg.  (Using skipverify)
>> cf3 Non-verified User ID seems to be root (Using skipverify)
>> cf3 LastSaw host esg.  now
>> cf3 Received: [SAUTH y 256 37] on socket 6
>> cf3 Loaded /var/lib/cfengine3/ppkeys/root-255.3.30.102.pub
>> cf3 A public key was already known from esg. /255.3.30.102 - no trust
>> required
>> cf3 Adding IP 255.3.30.102 to SkipVerify - no need to check this if we
>> have a key
>> cf3 The public key identity was confirmed as root@esg.
>> cf3 Strong authentication of client esg. /255.3.30.102 achieved
>> cf3 Received: [SYNCH 1297465274 STAT
>> /var/lib/cfengine3/masterfiles/cf-failsafe.sh] on socket 6
>> cf3 Found a matching rule in access list
>> (/var/lib/cfengine3/masterfiles/cf-failsafe.sh in
>> /var/lib/cfengine3/masterfiles)
>> cf3 No root privileges granted
>> cf3 Host esg.  denied access to
>> /var/lib/cfengine3/masterfiles/cf-failsafe.sh
>> cf3 From (host=esg. ,user=root,ip=255.3.30.102)
>> cf3 ID from connecting host: (SYNCH 1297465274 STAT
>> /var/lib/cfengine3/masterfiles/cf-failsafe.sh)
>>      
> Do you have access_rules defined for that server? Something like:
>
> bundle server access_rules()
> {
> access:
>    "/home/mark/LapTop"
>      admit   =>  { "255.3.30.102" };
> }
>
> Hope this helps,
> Jonathan
>    

Jonathan,

Yes, I have access rules, and the output says, "Found a matching rule in 
access list".

From serverd.cf:

bundle server access_rules {

     access:

         "/var/lib/cfengine3/masterfiles/conf/sshd_config"
             admit => { "255.3.30.102" };

}

Sandra

