This has been discussed recently. The lack of permissions on the destination root directory was reported as a bug and I agreed that this was misleading/incorrect behaviour. This was altered in 2.2.2.
Afterwards it was discovered/decided that this change could have negative consequences, so the option to decide was added to svn for the next release. checkroot=true/false Download the latest svn for this option. M Brandon Hutchinson wrote: > Hello, > > We have the following in our cfengine configuration to copy users' > public keys for cfrun: > > copy: > any:: > /var/cfengine/masterfiles/ppkeys > server=$(filehost) > dest=/var/cfengine/ppkeys > recurse=1 > include=*.pub > mode=444 owner=root group=root > verify=true > > With cfengine 2.2.1 and previous, this copies > /var/cfengine/masterfiles/ppkeys/*.pub and sets the permissions > appropriately. > > With cfengine 2.2.2, this code also changes permissions on the > destination directory (/var/cfengine/ppkeys) in addition to the *.pub files: > > # cfagent -qIK > cfengine:nvitbmmap003: Object /var/cfengine/ppkeys had permission 700, > changed it to 555 > > # cfagent > ::UNTRUSTED: Private key directory /var/cfengine/ppkeys (mode 555) was > not private! > > Should the copy be modifying permissions on the destination directory? > > Best regards, > > Brandon > _______________________________________________ > Bug-cfengine mailing list > [email protected] > https://cfengine.org/mailman/listinfo/bug-cfengine -- Mark Burgess Professor of Network and System Administration Oslo University College ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Work: +47 22453272 Email: [EMAIL PROTECTED] Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________________________________ Bug-cfengine mailing list [email protected] https://cfengine.org/mailman/listinfo/bug-cfengine
