Grant Documentation

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Grant Documentation

From:	Brian E. Seppanen
Subject:	Grant Documentation
Date:	Fri, 17 Oct 2003 15:28:56 -0400 (EDT)

Hi Folks:

I have printed copies of both the cfengine reference and the tutorial, and 
I'm still having problems finding references about how to use grant 
properly.   I  have 40+ servers that are now running cfengine-2.0.8p1, and 
I'm getting constant errors about copying files off of my filesystems from 
one box to another.   In the past this has worked in my cfservd.conf that 
has had 

grant:

        /var/cfengine   192.168.1.2 etc....

        /       192.168.1.2 etc...

Now each time I try to copy some file from /etc  I get host authorization 
denied, and I believe it is because I haven't explicitly granted this, 
although it worked pre 2.0.8p1.   How can I grant / and indicate that I 
want to allow access to the entire filesystem.   I do not have a file 
repository that I'm using, I'm using a live filesystem.   If it makes it 
to the live filesystem it has been tested and is ready for production.

My /var/cfengine/inputs/cfservd.conf gets updated as do the rest of the 
files in /var/cfengine so it would appear that the /var/cfengine grant works, 
but 
nothing else works.


Havekey(root-192.168.1.2)
Loaded /var/cfengine/ppkeys/root-192.168.1.2.pub
A public key was already known from host1.fake.net/192.168.1.2 - no trust 
required
Adding IP 192.168.1.2 to SkipVerify - no need to check this if we have a key
Prepending 192.168.1.2
The public key identity was confirmed as root@host1.fake.net
Transaction Send[t 16][Packed text]
Attempting to send 24 bytes
SendSocketStream, sent 24
Transaction Send[t 16][Packed text]
Attempting to send 24 bytes
SendSocketStream, sent 24
ChecksumString(m)
Transaction Send[t 256][Packed text]
Attempting to send 264 bytes
SendSocketStream, sent 264
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
cfservd: Strongly authentication of client host1.fake.net/192.168.1.2
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
Got a session key...
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 56][]
RecvSocketStream(56)
    (Concatenated 56 from stream)
Received: [SSYNCH 40] on socket 5
AccessControl(/etc/login.defs)
AccessControl(/etc/login.defs,host1.fake.net) encrypt request=1
cfservd: Host host1.fake.net denied access to /etc/login.defs
cfservd: Host authorization/authentication failed or access denied
Transaction Send[t 64][Packed text]
Attempting to send 72 bytes
SendSocketStream, sent 72
cfservd: From (host=host1.fake.net,user=root,ip=192.168.1.2)
RecvSocketStream(8)
Transmission empty or timed out...
Transaction Receive [][]
RecvSocketStream(0)
cfservd terminating NULL transmission!
Terminating thread...
***Closing socket 5 from 192.168.1.2
Deleted item 192.168.1.2

This is the transaction from the perspective of the cfservd on the host 
from which the copy would have occured from

Any help...  



Brian Seppanen
seppy@chartermi.net
906-475-0107 ext 1040

[Prev in Thread]

Current Thread

[Next in Thread]

Grant Documentation, Brian E. Seppanen <=

Prev by Date: RE: Fix for Red Hat 9.0 Berkeley DB Error
Next by Date: Editing Files In Particular Format
Previous by thread: Fix for Red Hat 9.0 Berkeley DB Error
Next by thread: Editing Files In Particular Format
Index(es):
- Date
- Thread