design-center icon indicating copy to clipboard operation
design-center copied to clipboard
verified publisher icon cfengine

cf-sketch not setting permissions for policy to be able to run

Open nickanderson opened this issue 12 years ago • 6 comments

After uninstalling all sketches, installing vcs_mirror, configuring and running

cf-sketch> run

Generated standalone run file /home/cmdln/.cfagent/inputs/standalone-cf-sketch-runfile.cf

Now executing the runfile with: /var/cfengine/bin/cf-agent  -f /home/cmdln/.cfagent/inputs/standalone-cf-sketch-runfile.cf

File /home/cmdln/.cfagent/inputs/sketches/CFEngine/stdlib/cfengine_stdlib.cf (owner 1000) is writable by others (security exception)

cf-sketch> run

Generated standalone run file /home/cmdln/.cfagent/inputs/standalone-cf-sketch-runfile.cf

Now executing the runfile with: /var/cfengine/bin/cf-agent  -f /home/cmdln/.cfagent/inputs/standalone-cf-sketch-runfile.cf

File /home/cmdln/.cfagent/inputs/sketches/VCS/vcs_mirror/main.cf (owner 1000) is writable by others (security exception)

nickanderson avatar Jan 23 '13 21:01 nickanderson

Definitely to be fixed. Sorry for the trouble.

tzz avatar Feb 15 '13 16:02 tzz

In the meantime, I patched the vim_cf3 plugin to fix permission on save :)

nickanderson avatar Feb 15 '13 17:02 nickanderson

How about (in config.json):

runfile.perms is an optional string that will be used as the permission. When it's missing we won't try to set the permissions of the runfile.

Let me know what you think and I will do.

tzz avatar May 02 '13 16:05 tzz

ping @nickanderson

tzz avatar May 10 '13 16:05 tzz

That sounds fine, but setting for the runfile alone wont cover the sketch files that are included as well.

nickanderson avatar May 10 '13 17:05 nickanderson

In 3.5.0 this is no longer a problem, IIUC.

But for the sake of CFE 3.4.x DC users, how about defaulting the runfile and *.cf install permissions to 600?

tzz avatar May 10 '13 20:05 tzz