help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can't copy problem


From: Mark Burgess
Subject: Re: Can't copy problem
Date: Thu, 23 Feb 2006 14:50:57 +0100

If no one is root, then the file must be readable by the server.

M

On Tue, 2006-02-21 at 23:14 +0000, Christopher Browne wrote:
> I'm having a problem copying files which *appear* to have something to
> do with what user is requesting files.
> 
> I have a copy clause thus...  The file, crontab.dbserver, is
> ultimately something I want to stow in each user's crontab...
> 
>    q9.!dba520cluster::
>       /opt/home/postgres/GoldenServer/crontab.dbserver
>                                 dest=$(HOME)/crontab.dbserver
>                                 mode=0600
>                                 server=$(GOLDEN_SERVER)
>                                 trustkey=on
> 
> According to the cfagent --verbose run, access is being denied, thus:
> 
> Checking copy from 
> 10.9.130.182:/opt/home/postgres/GoldenServer/crontab.dbserver to 
> /opt/home/pgrt/crontab.dbserver
> cfengine:TOR-550-DB901: /opt/home/pgrt/crontab.dbserver wasn't at destination 
> (copying)
> cfengine:TOR-550-DB901: Copying from 
> 10.9.130.182:/opt/home/postgres/GoldenServer/crontab.dbserver
> cfengine:TOR-550-DB901: Network access to cleartext 
> 10.9.130.182:/opt/home/postgres/GoldenServer/crontab.dbserver denied
> 
> Here appears to be the relevant portion of this...
> 
> FuzzyItemIn(LIST,10.9.130.167)
> No root privileges granted
> IsWildItem(tor-550-db901.int.libertyrms.com,*.int.libertyrms.com)
> Access privileges - match found
> cfservd: Host tor-550-db901.int.libertyrms.com granted access to 
> /opt/home/postgres/GoldenServer/crontab.dbserver
> CfGetFile(/opt/home/postgres/GoldenServer/crontab.dbserver on sd=5), size=138
> Caller pgrt is not the owner of the file
> cfservd: Host authorization/authentication failed or access denied
> 
> Two details that are probably relevant...
> 
> 1.  The user running the cfengine script is "pgrt"
> 
> 2.  The user running the cfservd is "postgres"
> 
> I am allowing all the relevant users access in the cfservd.conf
> AllowUsers directive, so I'm not sure what's wrong here...
> 
> (No, none of the above involves anyone being root.  That be
> verboten...)





reply via email to

[Prev in Thread] Current Thread [Next in Thread]