doc/server/info.txt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

.. -*- mode: rst -*-

.. NOTE: these are relative links (change when directory structure
..       changes)

.. _server-info:

====
Info
====

Various file properties for entries served by the :ref:`Cfg
<server-plugins-generators-cfg>`, :ref:`TGenshi
<server-plugins-generators-tgenshi-index>`, :ref:`TCheetah
<server-plugins-generators-tcheetah>`, and :ref:`SSHbase
<server-plugins-generators-sshbase>` plugins are controlled through
the use of ``:info``, ``info``, or ``info.xml`` files.

By default, these plugins are set to write files to the filesystem with
owner **root**, group **root**, and mode **644** (read and write for
owner, read only for group and other). These options, and a few others,
can be overridden through use of ``:info`` or ``info`` files. Each config
file directory can have a ``:info`` or ``info`` file if needed. The
possible fields in an info file are:

+------------+-------------------+----------------------------------+---------+
| Field      | Possible values   | Description                      | Default |
+============+===================+==================================+=========+
| encoding:  | ascii | base64    | Encoding of the file. Use        | ascii   |
|            |                   | base64 for binary files          |         |
+------------+-------------------+----------------------------------+---------+
| group:     | Any valid group   | Sets group of the file           | root    |
+------------+-------------------+----------------------------------+---------+
| important: | true | false      | Important entries are            | false   |
|            |                   | installed first during client    |         |
|            |                   | execution                        |         |
+------------+-------------------+----------------------------------+---------+
| owner:     | Any valid user    | Sets owner of the file           | root    |
+------------+-------------------+----------------------------------+---------+
| paranoid:  | true | false      | Backup file before replacement?  | false   |
+------------+-------------------+----------------------------------+---------+
| perms:     | Numeric file mode | Sets the permissions of the file | 0644    |
|            | | 'inherit'       | (or inherits from the files on   |         |
|            |                   | disk if set to inherit)          |         |
+------------+-------------------+----------------------------------+---------+
| sensitive: | true | false      | The contents of sensitive        | false   |
|            |                   | entries aren't included in       |         |
|            |                   | reports                          |         |
+------------+-------------------+----------------------------------+---------+

A sample info file for CGI script on a web server might look like::

    owner: www
    group: www
    perms: 0755

Back to the fstab example again, our final ``Cfg/etc/fstab/`` directory
might look like::

    :info
    fstab
    fstab.G50_server
    fstab.G99_fileserver
    fstab.H_host.example.com

Important attribute
===================

.. versionadded:: 1.1.0

Having important entries hardcoded into the various client tools has
worked relatively well so far. However, this method allows for a bit
more flexibility as the entries can be controlled via the configuration
specification.

+------------+-------------------+----------------------------------+---------+
| Field      | Possible values   | Description                      | Default |
+============+===================+==================================+=========+
| important: | true | false      | Important entries are            | root    |
|            |                   | installed first during client    |         |
|            |                   | execution                        |         |
+------------+-------------------+----------------------------------+---------+

.. _server-info-info-xml:

info.xml files
==============

``info.xml`` files add the ability to specify different sets of file
metadata on a group by group or host by host basis, or by path (for
files using :ref:`altsrc <server-plugins-structures-altsrc>`). These
files are XML, and work similarly to those used by :ref:`Rules
<server-plugins-generators-rules>` or :ref:`Pkgmgr
<server-plugins-generators-pkgmgr>`.

The following specifies a different global set of permissions
(root/sys/0651) than on clients in group webserver or named
"foo.example.com" (root/root/0652)::

    <FileInfo>
      <Client name='foo.example.com'>
        <Info owner='root' group='root' perms='0652'/>
      </Client>
      <Group name='webserver'>
        <Info owner='root' group='root' perms='0652'/>
      </Group>
      <Info owner='root' group='sys' perms='0651'/>
    </FileInfo>

.. versionadded:: 1.2.0

You can also use the ``<Path>`` directive to specify a different set
of permissions depending on the path of the file::

    <FileInfo>
      <Path name="/etc/bcfg2-web.conf">
        <Info owner="root" group="apache" perms="0640"/>
      </Path>
      <Path name="/etc/bcfg2-web.conf" negate="true">
        <Info owner="root" group="root" perms="0600"/>
      </Path>
    </FileInfo>