cfengine can't access logfile when running as non-root
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cfengine3 (Debian) |
Fix Committed
|
Unknown
|
|||
cfengine3 (Ubuntu) |
In Progress
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: cfengine3
The problem found in package version 3.0.5+dfsg-1 from Natty.
When running as non-root user, cf-agent complains "Can't open lock-log file". The error happens because it tries to work with files in /var/log, but doesn't have enough permissions.
You may reproduce the issue from a non-root account as follows:
rm -rf ~/.cfagent
mkdir ~/.cfagent ~/.cfagent/bin ~/.cfagent/inputs
cp /usr/sbin/cf-* ~/.cfagent/bin/
cat - >~/.cfagent/
# -*- coding: utf-8; mode: cfengine -*-
body common control
{
bundlesequence => { "test" };
}
bundle agent test
{
commands:
"/bin/date" ;
}
EOF
env LANG=C cf-agent; echo $?
The commands will produce something like that:
Q: ".../bin/date": Tue May 10 15:40:36 YEKST 2011
I: Last 1 QUOTed lines were generated by promiser "/bin/date"
Can't open lock-log file /var/log/
!!! System error for fopen: "Permission denied"
1 <-- (take note exit code signals about some error)
Related branches
Changed in cfengine3 (Ubuntu): | |
status: | New → In Progress |
Changed in cfengine3 (Debian): | |
status: | Unknown → Fix Committed |
The issue was introduced by Debian specific patch debian/ patches/ fhs-compliance. The patch doesn't take into account that working directory for non-root users is ~/.cfengine and FHS rules can't be applied to this case. In my opinion, we should not change upstream behavior for regular users.