On Tue, 22 May 2012 20:57:26 -0500 Nick Anderson <n...@cmdln.org> wrote:
NA> On 05/22/2012 08:41 PM, Nick Anderson wrote: >> https://cfengine.com/manuals/cf3-Reference#Function-getenv NA> So env contains USER, and with that we can get gid. NA> "user" string => getenv("USER","20"); NA> "no" int => getfields("$(user):.*","/etc/passwd",":","userdata"); NA> "gid" string => "$(userdata[4])"; NA> It fails to execute properly if run as non root since it still tries to NA> change uid and gid for execution. so if its not root it will have to be NA> run without a container. I made a followup commit this morning doing the following: 1) recognize function calls in cfsketch, so defaults like getenv("USER", 128) will not be quoted 2) finish renaming vcs_freshclone to vcs_mirror, including docs and test.cf and all classes and variables. The docs are updated to show the new cfsketch-compatible call-by-prefix usage. test.cf works, although you have to adjust the bundle_home to your checkout location if you're not using cfsketch due to that pesky bug 718. Also cfengine_stdlib.cf is included relatively, from the cfsketch copy of it. 3) vcs_mirror provides a "runas" parameter to specify the user name for the clone/update commands. I don't think it's useful to provide the group as well; at least I've never needed it; and it's not available in the environment like $USER so I left that out for now. The method you show for getting the gid only works if the user is local in /etc/passwd and we want the primary group, so I'd rather get the real and effective UID and GID. I'm actually not happy with relying on $USER because it can be modified by the caller, but it's all we have and it's guaranteed to be set to LOGNAME on all the non-Windows systems I know. The reports and commands are different when "runas" is different from $USER. I added params/cfengine-core-runas-tzz.json for cfsketch activation to show the "runas" usage. Give it a try, let me know what you think... I'm working on converting other sketches to the cfsketch format so this has been lots of fun :) Ted _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
