Forum: CFEngine Help
Subject: Ownership issue with output files
Author: bijohnvincent
Link to topic: https://cfengine.com/forum/read.php?3,24996,24996#msg-24996
Hi, I am a newbie to CFEngine. It would be great if anyone could help me
resolve the issue.
I have developed a CFEngine script to add new users with their priv/pub keys
along with a password.
If I run the script manually with "cf-agent -K -f ~/.cf", the permission of the
file is 644 and the owner/group is root, as below.
# ll /home/UsErNaMe/.ssh/
total 8
-rw-r--r--. 1 root root 397 Feb 23 12:35 authorized_keys
-rw-r--r--. 1 root root 1671 Feb 23 12:35 id_rsa
And if I put the script in the 'masterfiles' dir, the permission is 600, as below.
# ll /home/UsErNaMe/.ssh/
total 8
-rw-------. 1 root root 397 Feb 23 12:50 authorized_keys
-rw-------. 1 root root 1671 Feb 23 12:50 id_rsa
The expected output:
# ll /home/UsErNaMe/.ssh/
total 8
-rw-------. 1 UsErNaMe UsErNaMe 397 Feb 23 12:50 authorized_keys
-rw-------. 1 UsErNaMe UsErNaMe 1671 Feb 23 12:50 id_rsa
Also, it seems that the cf script is being executed at frequent intervals even
if the script is not modified.
-----------------------------------------------------------------------------------------------------------------
Part of the script is as below.
body common control
{
  bundlesequence => { "manage_users" };
  inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" };
}

bundle agent create_ssh_dir(user)
{
  vars:
    "index" slist => getindices("$(user)");

  classes:
    "create_dir" expression => userexists("$(index)");

  commands:
    create_dir::
      "/bin/rm -rf /$($(user)[$(index)])/.ssh/authorized_keys";
      "/bin/rm -rf /$($(user)[$(index)])/.ssh/id_rsa";

  files:
    linux::
      "$($(user)[$(index)])/.ssh/."
        perms => mug("700","$(index)","$(index)"),
        move_obstructions => "true",
        create => "true";

      "$($(user)[$(index)])/.ssh/authorized_keys"
        perms => mug("600","$(index)","$(index)"),
        move_obstructions => "true",
        create => "true";

      "$($(user)[$(index)])/.ssh/id_rsa"
        perms => mug("600","$(index)","$(index)"),
        move_obstructions => "true",
        create => "true";

  reports:
    linux::
      "$($(user)[$(index)])"
        report_to_file => "$($(user)[$(index)])/.ssh/authorized_keys";

      "$($(user)[$(index)])"
        report_to_file => "$($(user)[$(index)])/.ssh/id_rsa";
}

body perms mug(mode,user,group)
{
  owners => { "$(user)" };
  groups => { "$(group)" };
  mode => "$(mode)";
}

bundle agent manage_users
{
  vars:
    # Users to create
    "users" string => "UsErS_FuLlNaMe_HeRe";
    "users" string => "";
    "users" string => "";
    "users" string => "/home/UsErNaMe";
    "users" string => "/bin/bash";
    "users" string => "-m";
    "users" string => "EnCrYpTeD_PAssWord_hErE";
    "users" string => "This_is_A_Sample_PUBLIC_KEY";
    "users" string => "This_is_a_Sample_PRIVATE_KEY";

  methods:
    "users" usebundle => create_ssh_dir("manage_users.users");
}
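A check for the state described in the post, as an added example that is not part of the original post: the shell function below flags any entry under a user's .ssh directory that is not owned by that user or that grants group/other access, which is the root-owned 644 case shown in the first listing. The function name audit_ssh_dir and the temporary demo directory are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (Linux).
# audit_ssh_dir HOME_DIR EXPECTED_OWNER
# Prints one line per problem under HOME_DIR/.ssh. Returns 0 if clean,
# 1 if any entry has the wrong owner or grants group/other access,
# 2 if the .ssh directory is missing.
audit_ssh_dir() {
    dir="$1/.ssh"
    want="$2"
    rc=0
    [ -d "$dir" ] || { echo "missing: $dir"; return 2; }
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue            # empty directory: glob did not expand
        owner=$(stat -c '%U' "$f")
        mode=$(stat -c '%a' "$f")
        if [ "$owner" != "$want" ]; then
            echo "owner: $f is owned by $owner, expected $want"
            rc=1
        fi
        # Octal mode must end in 00 (no group/other bits); pad so "0" works too.
        case "00$mode" in
            *00) ;;
            *) echo "mode: $f is $mode, group/other access present"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed demo: a throwaway home directory reproducing the 644 case.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
: > "$demo/.ssh/id_rsa"
chmod 644 "$demo/.ssh/authorized_keys" "$demo/.ssh/id_rsa"
audit_ssh_dir "$demo" "$(stat -c '%U' "$demo")" || echo "audit failed as expected"
rm -rf "$demo"
```

Run after each agent execution, a non-zero return separates a policy that only sets the mode from one that also sets ownership.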