[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: problems copying symlinks
From: |
Bill Gunter |
Subject: |
Re: problems copying symlinks |
Date: |
Thu, 29 Dec 2005 16:09:52 -0600 |
Hmmm. I understand that you have to use the actual directory and not a
symlink in the "admit" directive of cfservd.conf, but that's not the
problem here. To work around the problem I changed the copy directive,
not the admit directive. Are you saying that you can't copy symlinks
from a symlinked directory?
On Thu, 2005-12-29 at 16:03 -0600, Mark Burgess wrote:
>
> That is a documented security feature, not a bug.
> M
>
> On Thu, 2005-12-29 at 14:06 -0600, Bill Gunter wrote:
> > Okay, found the problem with the symlinks. Apparently the access
> control
> > is getting confused. I've allowed access with
> >
> > admit:
> > cfengine_server::
> > /directory *.domain.com
> >
> > But the copy directive says
> >
> > class::
> > /symlink_to_directory
> >
> > This works with regular files contained in /directory but not with
> > symlinks to files in the same directory. I changed the copy
> directive to
> > use the actual directory and not the symlink to it and it works
> fine.
> > This seems like a bug to me.
> >
> >
> > On Thu, 2005-12-29 at 13:03 -0600, Mark Burgess wrote:
> > >
> > > Look at the output of cfservd -d2 to see why this is happening.
> If
> > > you
> > > are traversing links, that is not honoured by access control.
> This
> > > has
> > > always been true
> > > M
> > >
> > > On Thu, 2005-12-29 at 12:46 -0600, Bill Gunter wrote:
> > > > v2.1.18 of cfservd (still v2.1.15 of cfagent) gives slightly
> > > different
> > > > errors, but the same results. It says "Unspecified refusal by
> > > server"
> > > > instead of "Host authorization/authentication failed or access
> > > denied"
> > > >
> > > > On Thu, 2005-12-29 at 12:21 -0600, Mark Burgess wrote:
> > > > >
> > > > > What does 2.1.18 do?
> > > > >
> > > > > On Thu, 2005-12-29 at 11:43 -0600, Bill Gunter wrote:
> > > > > > I've configured a copy directive and the symlinks that exist
> in
> > > the
> > > > > > directory being copied are not being copied, but all the
> > > regular
> > > > > files
> > > > > > in the directory are being copied.
> > > > > >
> > > > > > cfservd is throwing this error for each symlink:
> > > > > >
> > > > > > Dec 29 11:34:58 HOST cfservd[12692]: [ID 823470
> daemon.error]
> > > Host
> > > > > > REMOTE denied access to /directory/symlink
> > > > > > Dec 29 11:34:58 HOST cfservd[12692]: [ID 702911
> daemon.notice]
> > > Host
> > > > > > authorization/authentication failed or access denied
> > > > > > Dec 29 11:34:58 HOST cfservd[12692]: [ID 702911
> daemon.notice]
> > > From
> > > > > > (host=REMOTE,user=root,ip=::ffff:111.111.111.111)
> > > > > > Dec 29 11:34:58 HOST cfservd[12692]: [ID 823470
> daemon.error]
> > > ID
> > > > > from
> > > > > > connecting host: (SYNCH 1135877698
> STAT /directory/symlink)
> > > > > >
> > > > > > Here's the directive.
> > > > > >
> > > > > > class::
> > > > > > /directory
> > > > > > server=$(server)
> > > > > > dest=/remote_directory
> > > > > > owner=root
> > > > > > backup=false
> > > > > > recurse=inf
> > > > > > timestamps=keep
> > > > > >
> > > > > > I'm using v.2.1.15.
> > > > > >
> > > > >
> > > > >
> > >
> > >
>
>
--
Bill Gunter
Assistant Director of Information Systems
ARC Systems
P: 512.358.5377
F: 512.892.5552
<www.arcsystems.com>
- problems copying symlinks, Bill Gunter, 2005/12/29
- Re: problems copying symlinks, Mark Burgess, 2005/12/29
- Re: problems copying symlinks, Bill Gunter, 2005/12/29
- Re: problems copying symlinks, Mark Burgess, 2005/12/29
- Re: problems copying symlinks, Bill Gunter, 2005/12/29
- Re: problems copying symlinks, Bill Gunter, 2005/12/29
- Re: problems copying symlinks, Mark Burgess, 2005/12/29
- Re: problems copying symlinks,
Bill Gunter <=
- Re: problems copying symlinks, Mark Burgess, 2005/12/29
- Re: problems copying symlinks, Bill Gunter, 2005/12/30