.. -*- mode: rst -*-

.. _server-info:

====
Info
====

Various file properties for entries served by the :ref:`Cfg
<server-plugins-generators-cfg>`, :ref:`TGenshi
<server-plugins-generators-tgenshi-index>`, :ref:`TCheetah
<server-plugins-generators-tcheetah>`, and :ref:`SSHbase
<server-plugins-generators-sshbase>` plugins are controlled through
the use of ``:info``, ``info``, or ``info.xml`` files.

By default, these plugins are set to write files to the filesystem
with owner **root**, group **root**, and mode **644** (read and write
for owner, read only for group and other). These options, and a few
others, can be overridden through use of ``info.xml``, ``:info``, or
``info`` files. Each config file directory can have an ``info.xml``,
``:info`` or ``info`` file if needed. The possible fields in an info
file are:

+------------+-------------------+----------------------------------+---------+
| Field      | Possible values   | Description                      | Default |
+============+===================+==================================+=========+
| encoding   | ascii | base64    | Encoding of the file. Use        | ascii   |
|            |                   | base64 for binary files          |         |
+------------+-------------------+----------------------------------+---------+
| owner      | Any valid user    | Sets owner of the file           | root    |
+------------+-------------------+----------------------------------+---------+
| group      | Any valid group   | Sets group of the file           | root    |
+------------+-------------------+----------------------------------+---------+
| perms      | Numeric file mode | Sets the permissions of the file | 0644    |
|            | | 'inherit'       | (or inherits from the files on   |         |
|            |                   | disk if set to 'inherit')        |         |
+------------+-------------------+----------------------------------+---------+
| secontext  | A valid SELinux   | Sets the SELinux context of the  | default |
|            | context string or | file, or sets to the default     |         |
|            | '__default__'     | context set by policy if set to  |         |
|            |                   | '__default__'                    |         |
+------------+-------------------+----------------------------------+---------+
| important  | true | false      | Important entries are            | false   |
|            |                   | installed first during client    |         |
|            |                   | execution                        |         |
+------------+-------------------+----------------------------------+---------+
| paranoid   | true | false      | Backup file before replacement?  | true    |
+------------+-------------------+----------------------------------+---------+
| sensitive  | true | false      | The contents of sensitive        | false   |
|            |                   | entries aren't included in       |         |
|            |                   | reports                          |         |
+------------+-------------------+----------------------------------+---------+

A sample info file for a CGI script on a web server might look like::

    owner: www
    group: www
    perms: 0755

The equivalent ``info.xml`` file would be:

.. code-block:: xml

    <FileInfo>
      <Info owner="www" group="www" perms="0755"/>
    </FileInfo>

Back to the fstab example again, our final ``Cfg/etc/fstab/`` directory
might look like::

    info.xml
    fstab
    fstab.G50_server
    fstab.G99_fileserver
    fstab.H_host.example.com

See :ref:`server-selinux` for more information on the ``secontext``
attribute and managing SELinux in general.

.. _server-info-info-xml:

info.xml files
==============

``info.xml`` files add the ability to specify different sets of file
metadata on a group by group or host by host basis, or by path (for
files using :ref:`altsrc <server-plugins-structures-altsrc>`). These
files are XML, and work similarly to those used by :ref:`Rules
<server-plugins-generators-rules>` or :ref:`Pkgmgr
<server-plugins-generators-pkgmgr>`.

The following specifies a global set of permissions (root/sys/0651)
that differs from the set used on clients in group webserver or named
"foo.example.com" (root/root/0652)::

    <FileInfo>
      <Client name='foo.example.com'>
        <Info owner='root' group='root' perms='0652'/>
      </Client>
      <Group name='webserver'>
        <Info owner='root' group='root' perms='0652'/>
      </Group>
      <Info owner='root' group='sys' perms='0651'/>
    </FileInfo>

.. versionadded:: 1.2.0

You can also use the ``<Path>`` directive to specify a different set
of permissions depending on the path of the file::

    <FileInfo>
      <Path name="/etc/bcfg2-web.conf">
        <Info owner="root" group="apache" perms="0640"/>
      </Path>
      <Path name="/etc/bcfg2-web.conf" negate="true">
        <Info owner="root" group="root" perms="0600"/>
      </Path>
    </FileInfo>

.. versionadded:: 1.3.0

You can also specify ACLs as children of ``<Info>`` tags in
``info.xml``.  See :ref:`server-plugins-generators-rules-acls` for
more information on the formatting of ACL tags.
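
An added example, not part of the Bcfg2 documentation or code base: a small linter that walks every ``<Info>`` tag in an ``info.xml``, fills in the defaults from the field table above, and reports settings worth reviewing. The sample XML, the function names and the choice of checks (including the heuristic that a file not readable by "other" should probably be marked ``sensitive``) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the field table in this document.
DEFAULTS = {"perms": "0644", "paranoid": "true", "sensitive": "false"}

# Constructed sample input (not from a real repository).
SAMPLE = """<FileInfo>
  <Path name="/etc/app/secret.conf">
    <Info owner="root" group="app" perms="0640"/>
  </Path>
  <Path name="/etc/app/secret.conf" negate="true">
    <Info owner="root" group="root" perms="0666" paranoid="false"/>
  </Path>
  <Group name="webserver">
    <Info owner="www" group="www" perms="inherit" sensitive="true"/>
  </Group>
  <Info/>
</FileInfo>"""

def walk(node, scope=()):
    """Yield (scope, <Info> element); scope names the enclosing selectors."""
    for child in node:
        if child.tag == "Info":
            yield " > ".join(scope) or "global", child
        elif child.tag in ("Client", "Group", "Path"):
            neg = "not " if child.get("negate", "").lower() == "true" else ""
            label = "%s %s%s" % (child.tag, neg, child.get("name"))
            yield from walk(child, scope + (label,))

def audit(xml_text):
    """Return (scope, message) findings for every <Info> in an info.xml."""
    findings = []
    for scope, info in walk(ET.fromstring(xml_text)):
        eff = {**DEFAULTS, **info.attrib}  # explicit attributes override defaults
        if eff["perms"] == "inherit":
            findings.append((scope, "mode inherited from the file on disk"))
        else:
            mode = int(eff["perms"], 8)
            if mode & 0o022:
                findings.append((scope, "group- or other-writable mode"))
            # Heuristic (assumption): not readable by 'other' suggests secrets.
            if not mode & 0o004 and eff["sensitive"].lower() != "true":
                findings.append((scope, "restricted file not marked sensitive"))
        if eff["paranoid"].lower() != "true":
            findings.append((scope, "no backup before replacement"))
    return findings

if __name__ == "__main__":
    for scope, message in audit(SAMPLE):
        print("%-40s %s" % (scope, message))
```

The linter inspects each ``<Info>`` in isolation and does not model which tag the server selects when several match the same client.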