I also experienced the same problem.
The correct workaround seems to be this:
The symlink /var/lib/cfengine3/inputs has to be a real directory.
E.g.,
cd /var/lib/cfengine3
mv inputs inputs.old
mkdir inputs
cp /usr/share/doc/cfengine3/examples/* /var/lib/cfengine3/inputs
* be careful to set the directory permission to of "inputs".
Usually, root-owned and not world writable should be OK.
env LANG=C ls -l /var/lib/cfengine3
total 180
lrwxrwxrwx 1 root root 9 Apr 13 06:45 bin -> /usr/sbin
-rw--- 1 root root 16384 May 17 15:51 cf_classes.db
drwxr-xr-x 2 root root 4096 May 16 12:20 inputs
lrwxrwxrwx 1 root root 14 Apr 13 06:45 inputs.old -> /etc/cfengine3
drwxr-xr-x 2 root root 4096 May 16 12:15 lastseen
drwxr-xr-x 2 root root 4096 May 16 12:18 masterfiles
drwx-- 2 root root 4096 May 16 12:15 modules
drwxr-xr-x 2 root root 4096 May 17 15:51 outputs
-rw--- 1 root root 8192 May 17 15:50 performance.db
drwx-- 2 root root 4096 May 16 12:15 ppkeys
-rw--- 1 root root 116528 May 17 15:51 promise_summary.log
-rw-r--r-- 1 root root 1024 May 16 12:15 randseed
drwxr-xr-x 2 root root 4096 May 16 12:15 reports
drwxr-xr-x 2 root root 4096 May 17 15:52 state
This wastes /etc/cfengine3. The files under it are not used at all.
The cause:
Obviously, the link /var/lib/cfengine3/inputs was created as a
handy manner to refer to /etc/cfengine3/.
But cfengine3 seems to have a rather peculiar security concern of
using a symlink to refer to the directory where configuration files are stored.
Such a caution is not unexpected for a security-conscious program.
(Still I am a little surprised here since sendmail v8 used to allow the
reference to user-defined programs that are invoked during sendmail run
through a symlink under a protected diretory. cfengine3 seems to take a more
serious attitude re symlinks. That is, this symlink is BELOW a root-owned
world-non-writable directory, and is safe IMHO. But cfengine probably was
never intended to refer to configuration files through a symlink anyway.)
>From /usr/share/doc/cfengine3/README.cfengine3
--- quote begins ---
*) cfengine3 is FHS, that means that, unlike the original, we log in /var/log,
the binaries are located in /usr/sbin and the inputs files are in
/etc/cfengine3; for upstream compatibility we have two symlinks:
/etc/cfengine3 -> /var/lib/cfengine3/inputs
/usr/sbin -> /var/lib/cfengine3/bin
--- end quote
So the choice of FHS file layout is something to blame until
cfengine3 source file is fixed to allow for *THIS* particular
setup (and NOT others for obvious security reasons).
Oh wait. I just tried to install cfengine3 yesterday, and have not
tested the invocation of various commands through cron entries.
I wonder if /var/lib/cfengine3/bin is suffering from the same problem ???
At least the crontab entries installed by cfengine3 seems to be invoked
every 5 minutes without major ill-effects: but I have yet to configure
cfengine3 to copy various files from the master repository, etc. and so the
relevant commands may not have been invoked really.
Hope this helps.
CI
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org