Re: anyone tried being *very* explicit with respect to file permissions?

From: Steve Wray
Subject: Re: anyone tried being *very* explicit with respect to file permissions?
Date: Thu, 6 May 2004 13:04:07 +1200
User-agent: KMail/1.6.1

On Thursday 06 May 2004 11:59, Mike wrote:
> Given a golden machine write a script that captures the ownership
> and permissions of all files in /etc, /var, and /usr. Using that
> script generate a file specifying the files: stanza
> and an entry for every file on the golden system. Then run that
> file each night to verify that all files are what they
> should be.
> This seems like a slow way to force all files to be the correct
> ownership and permissions. Is there another way given that the
> files in /etc have different owners and groups?

I am currently working on an integration of cfengine and subversion (see

Subversion's file properties can be used to preserve data on uid, gid, 
modes; however, it doesn't come with this support out of the box.

It also doesn't cope with symlinks.

What I am testing at the moment is a cfengine setup which runs an svn 
update into a local working copy, refers to the svn properties on files 
& directories and sets them accordingly, on the working copy, runs some 
cfengine editfiles commands to localise the working copy and then 
copies the working copy over to /etc.

The remote working copy (on the gold server) has its svn properties set 
by a similar script, deriving them from the actual file ownerships and 

These run as a wrapper for svn so every time one uses the wrapper to svn 
commit or svn update the properties are inspected and set. Takes a 
while though. If none of these properties have changed, it's faster to 
use the regular svn.

The only thing I am (currently) not handling with subversion is symlinks 
and for these I run a script which finds symlinks and creates a 
cf.links file. Something like this;

echo "links:" > cfengine/
find . -type l -printf "/etc/%P -> %l\n" \
    | sed -e 's/%20/\$\(spc\)/' >> cfengine/
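
The capture-and-verify step discussed in this thread (recording uid, gid and mode from a golden tree, then checking another tree against that record), as an added example that is not part of the original message or of cfengine. The function names `capture_perms` and `verify_perms` and the tab-separated manifest layout are assumptions of this example; it needs GNU find for `-printf`, like the find command above.

```shell
#!/bin/sh
# Added example: record and verify ownership/modes under a directory tree.
# Function names and manifest layout are hypothetical, chosen for this example.
# Limitation: file names containing tabs or newlines are not supported.

# capture_perms ROOT
# Prints one line per entry: mode<TAB>uid<TAB>gid<TAB>type<TAB>relative-path,
# sorted by path. find does not follow symlinks, so they appear as type "l".
capture_perms() {
    ( cd "$1" && find . -mindepth 1 -printf '%m\t%U\t%G\t%y\t%P\n' ) |
        LC_ALL=C sort -t "$(printf '\t')" -k5
}

# verify_perms MANIFEST ROOT
# Compares ROOT with a manifest written by capture_perms.
# Prints CHANGED/MISSING/EXTRA lines; returns 1 on any drift, 0 otherwise.
verify_perms() {
    capture_perms "$2" | awk -v base="$1" '
        BEGIN {
            FS = "\t"
            # Load the golden manifest, keyed by relative path.
            while ((getline < base) > 0)
                want[$5] = $1 FS $2 FS $3 FS $4
        }
        {
            have = $1 FS $2 FS $3 FS $4
            if (!($5 in want)) {
                print "EXTRA\t" $5; drift = 1
            } else if (want[$5] != have) {
                print "CHANGED\t" $5 "\twant=" want[$5] "\thave=" have; drift = 1
            }
            delete want[$5]
        }
        END {
            # Anything left in the manifest was not found on disk.
            for (p in want) { print "MISSING\t" p; drift = 1 }
            exit drift + 0
        }'
}
```

Run `capture_perms /etc > etc.manifest` on the golden host and `verify_perms etc.manifest /etc` on each client; a non-zero exit status means the report lines need attention.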
