Forum: CFEngine Help
Subject: Ownership issue with output files
Author: bijohnvincent
Link to topic: https://cfengine.com/forum/read.php?3,24996,24996#msg-24996

Hi,

I am a newbie to cfengine. It would be great if anyone could help me resolve this issue.

I have developed a cfengine script to add new users with their priv/pub keys along with a password. If I run the script manually with "cf-agent -K -f ~/.cf", the permission of the files is 644 and the owner/group is root, as below.

    # ll /home/UsErNaMe/.ssh/
    total 8
    -rw-r--r--. 1 root root  397 Feb 23 12:35 authorized_keys
    -rw-r--r--. 1 root root 1671 Feb 23 12:35 id_rsa

And if I put the script in the 'masterfiles' dir, the permission is 600, as below.

    # ll /home/UsErNaMe/.ssh/
    total 8
    -rw-------. 1 root root  397 Feb 23 12:50 authorized_keys
    -rw-------. 1 root root 1671 Feb 23 12:50 id_rsa

The expected output:

    # ll /home/UsErNaMe/.ssh/
    total 8
    -rw-------. 1 UsErNaMe UsErNaMe  397 Feb 23 12:50 authorized_keys
    -rw-------. 1 UsErNaMe UsErNaMe 1671 Feb 23 12:50 id_rsa

Also, it seems that the cf script is being executed at frequent intervals even if the script is not modified.

-----------------------------------------------------------------------------------------------------------------
Part of the script is as below.

    body common control
    {
      bundlesequence => { "manage_users" };
      inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" };
    }

    bundle agent create_ssh_dir(user)
    {
      vars:
        "index" slist => getindices("$(user)");

      classes:
        "create_dir" expression => userexists("$(index)");

      commands:
        create_dir::
          "/bin/rm -rf /$($(user)[$(index)])/.ssh/authorized_keys";
          "/bin/rm -rf /$($(user)[$(index)])/.ssh/id_rsa";

      files:
        linux::
          "$($(user)[$(index)])/.ssh/."
            perms => mug("700","$(index)","$(index)"),
            move_obstructions => "true",
            create => "true";

          "$($(user)[$(index)])/.ssh/authorized_keys"
            perms => mug("600","$(index)","$(index)"),
            move_obstructions => "true",
            create => "true";

          "$($(user)[$(index)])/.ssh/id_rsa"
            perms => mug("600","$(index)","$(index)"),
            move_obstructions => "true",
            create => "true";

      reports:
        linux::
          "$($(user)[$(index)])"
            report_to_file => "$($(user)[$(index)])/.ssh/authorized_keys";
          "$($(user)[$(index)])"
            report_to_file => "$($(user)[$(index)])/.ssh/id_rsa";
    }

    body perms mug(mode,user,group)
    {
      owners => { "$(user)" };
      groups => { "$(group)" };
      mode => "$(mode)";
    }

    bundle agent manage_users
    {
      vars:
        # Users to create
        "users" string => "UsErS_FuLlNaMe_HeRe";
        "users" string => "";
        "users" string => "";
        "users" string => "/home/UsErNaMe";
        "users" string => "/bin/bash";
        "users" string => "-m";
        "users" string => "EnCrYpTeD_PAssWord_hErE";
        "users" string => "This_is_A_Sample_PUBLIC_KEY";
        "users" string => "This_is_a_Sample_PRIVATE_KEY";

      methods:
        "users" usebundle => create_ssh_dir("manage_users.users");
    }
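
An added check, not part of the original post: a Python audit of the end state the post lists as expected (a 700 `.ssh` directory, 600 `authorized_keys` and `id_rsa`, all owned by the account rather than root). The function name `audit_ssh_dir`, its `uid`/`gid` parameters and the command-line usage are assumptions made for this example.

```python
import os
import stat

# Modes taken from the post: 700 for .ssh itself, 600 for the two files.
EXPECTED = {".": 0o700, "authorized_keys": 0o600, "id_rsa": 0o600}


def audit_ssh_dir(ssh_dir, uid, gid):
    """Return a list of (path, problem) tuples for ssh_dir.

    uid/gid identify the account that should own the files
    (hypothetical parameters; the __main__ block looks them up by name).
    """
    findings = []
    for name, want_mode in EXPECTED.items():
        path = os.path.normpath(os.path.join(ssh_dir, name))
        try:
            st = os.lstat(path)  # lstat: report a symlink, do not follow it
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "is a symlink"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != want_mode:
            findings.append((path, "mode %o, expected %o" % (mode, want_mode)))
        if st.st_uid != uid or st.st_gid != gid:
            findings.append((path, "owner %d:%d, expected %d:%d"
                             % (st.st_uid, st.st_gid, uid, gid)))
    return findings


if __name__ == "__main__":
    import pwd
    import sys
    # Usage (assumed): python3 audit_ssh.py UsErNaMe
    user = pwd.getpwnam(sys.argv[1])
    for path, problem in audit_ssh_dir(os.path.join(user.pw_dir, ".ssh"),
                                       user.pw_uid, user.pw_gid):
        print("%s: %s" % (path, problem))
```

Run after each cf-agent pass, it reports both states shown in the post: the 644 files from the manual run as mode findings, and the root-owned 600 files from the masterfiles run as owner findings.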