question about how cfservd handles admit and deny...
From: Juha Ylitalo
Subject: question about how cfservd handles admit and deny...
Date: 20 May 2003 15:11:07 +0300

cfservd host: ship (RedHat 7.3)
cfagent host: laptop (RedHat 7.3) and boat (...)

I am trying to use cfservd <-> cfagent communications to transfer RADIUS
related files from primary server to backup server using cfengine 2.0.4
(yes, I know that cfengine 2.0.7 is out). I've done this by listing
/etc/shadow, /etc/raddb/*, ... files in the cfservd.conf file on ship.

The problem in this setup is that even though I've specifically mentioned
that /etc/shadow, etc. files are only admit:ed to boat, the laptop machine
is able to get /etc/shadow, etc. in addition to those files that it's
permitted to copy from /var/cfengine/masterfiles/inputs.

If I add "deny: /etc !boat" into cfservd.conf, no one (including boat) is
able to get those files.

Could someone point out where I have a mistake in my cfservd.conf or, if
this is a bug in cfengine 2.0.4, is it fixed in newer versions?

CFSERVD.CONF
------------
[begin quote from cfservd.conf]
admit: # or grant:
/etc/shadow boat.ntc.nokia.com
/etc/gshadow boat.ntc.nokia.com
/etc/group boat.ntc.nokia.com
/etc/passwd boat.ntc.nokia.com
/etc/raddb/clients.conf boat.ntc.nokia.com
/etc/raddb/users boat.ntc.nokia.com
/etc/raddb/naslist boat.ntc.nokia.com
/var/cfengine/masterfiles/inputs *.ntc.nokia.com
deny:
/etc !boat.ntc.nokia.com
[end of quote from cfservd.conf]

HOW IT SHOWS IN LOG FILES
--------------------------
[begin quote from /var/log/messages]
May 20 15:07:05 ship cfservd[4124]: From
(host=boat.ntc.nokia.com,user=root,ip=172.21.200.22)
May 20 15:07:05 ship cfservd[4124]: ID from connecting host: (SYNCH
1053432425 STAT /etc/raddb/users)
[end quote from /var/log/messages]
--
Juha Ylitalo juha.o.ylitalo@nokia.com <work e-mail>
+358 40 562 6152 http://linux.nokia.com/~jylitalo/ <work www>
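
Added example, not part of the original message: a Python sketch that checks cfservd syslog lines in the format quoted above against the intended admit: list, to show which hosts requested files they were not meant to receive. The laptop hostname, its IP address and the extra log lines are constructed, and pairing each request with the preceding "From" line by PID is an assumption about the log, not documented cfservd behaviour.

```python
import re
from fnmatch import fnmatch

# Intended policy, transcribed from the admit: section quoted in the message.
BOAT = ["boat.ntc.nokia.com"]
ADMIT = {p: BOAT for p in (
    "/etc/shadow", "/etc/gshadow", "/etc/group", "/etc/passwd",
    "/etc/raddb/clients.conf", "/etc/raddb/users", "/etc/raddb/naslist")}
ADMIT["/var/cfengine/masterfiles/inputs"] = ["*.ntc.nokia.com"]

# Only the two line shapes shown in the quoted /var/log/messages are handled.
FROM_RE = re.compile(r"cfservd\[(\d+)\]: From \(host=([^,]+),user=[^,]+,ip=[^)]+\)")
REQ_RE = re.compile(r"cfservd\[(\d+)\]: ID from connecting host: \(SYNCH \d+ (\w+) (\S+)\)")

def allowed(path, host, admit=ADMIT):
    """True if host matches an admit pattern for path or a parent directory of it."""
    return any(
        (path == root or path.startswith(root.rstrip("/") + "/"))
        and any(fnmatch(host, pattern) for pattern in patterns)
        for root, patterns in admit.items())

def audit(lines, admit=ADMIT):
    """Return (host, verb, path) for each logged request outside the intended policy."""
    last_host = {}   # pid -> host of the most recent "From" line (assumed pairing)
    findings = []
    for line in lines:
        if m := FROM_RE.search(line):
            last_host[m.group(1)] = m.group(2)
        elif m := REQ_RE.search(line):
            pid, verb, path = m.groups()
            host = last_host.get(pid, "<unknown>")
            if not allowed(path, host, admit):
                findings.append((host, verb, path))
    return findings

# Constructed sample: the first two lines follow the quoted log (unwrapped),
# the laptop lines are invented for illustration.
SAMPLE_LOG = [
    "May 20 15:07:05 ship cfservd[4124]: From (host=boat.ntc.nokia.com,user=root,ip=172.21.200.22)",
    "May 20 15:07:05 ship cfservd[4124]: ID from connecting host: (SYNCH 1053432425 STAT /etc/raddb/users)",
    "May 20 15:08:11 ship cfservd[4124]: From (host=laptop.ntc.nokia.com,user=root,ip=192.0.2.10)",
    "May 20 15:08:11 ship cfservd[4124]: ID from connecting host: (SYNCH 1053432491 STAT /etc/shadow)",
    "May 20 15:08:12 ship cfservd[4124]: ID from connecting host: (SYNCH 1053432492 STAT /var/cfengine/masterfiles/inputs/cfagent.conf)",
]

if __name__ == "__main__":
    for host, verb, path in audit(SAMPLE_LOG):
        print(f"outside intended policy: {host} {verb} {path}")
```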