.. -*- mode: rst -*-

.. _server-info:

====
Info
====

Various file properties for entries served by the :ref:`Cfg
<server-plugins-generators-cfg>`, :ref:`TGenshi
<server-plugins-generators-tgenshi-index>`, :ref:`TCheetah
<server-plugins-generators-tcheetah>`, and :ref:`SSHbase
<server-plugins-generators-sshbase>` plugins are controlled through
the use of ``:info``, ``info``, or ``info.xml`` files.

By default, these plugins are set to write files to the filesystem with
owner **root**, group **root**, and mode **644** (read and write for
owner, read only for group and other). These options, and a few others,
can be overridden through use of ``:info`` or ``info`` files. Each config
file directory can have a ``:info`` or ``info`` file if needed. The
possible fields in an info file are:

+------------+-------------------+----------------------------------+---------+
| Field      | Possible values   | Description                      | Default |
+============+===================+==================================+=========+
| encoding   | ascii | base64    | Encoding of the file. Use        | ascii   |
|            |                   | base64 for binary files          |         |
+------------+-------------------+----------------------------------+---------+
| owner      | Any valid user    | Sets owner of the file           | root    |
+------------+-------------------+----------------------------------+---------+
| group      | Any valid group   | Sets group of the file           | root    |
+------------+-------------------+----------------------------------+---------+
| perms      | Numeric file mode | Sets the permissions of the file | 0644    |
|            | | 'inherit'       | (or inherits from the files on   |         |
|            |                   | disk if set to 'inherit')        |         |
+------------+-------------------+----------------------------------+---------+
| secontext  | A valid SELinux   | Sets the SELinux context of the  | default |
|            | context string or | file, or sets to the default     |         |
|            | '__default__'     | context set by policy if set to  |         |
|            |                   | '__default__'                    |         |
+------------+-------------------+----------------------------------+---------+
| important  | true | false      | Important entries are            | false   |
|            |                   | installed first during client    |         |
|            |                   | execution                        |         |
+------------+-------------------+----------------------------------+---------+
| paranoid   | true | false      | Backup file before replacement?  | true    |
+------------+-------------------+----------------------------------+---------+
| sensitive  | true | false      | The contents of sensitive        | false   |
|            |                   | entries aren't included in       |         |
|            |                   | reports                          |         |
+------------+-------------------+----------------------------------+---------+

A sample info file for a CGI script on a web server might look like::

    owner: www
    group: www
    perms: 0755

The equivalent ``info.xml`` file would be:

.. code-block:: xml

    <FileInfo>
      <Info owner="www" group="www" perms="0755"/>
    </FileInfo>

Back to the fstab example again, our final ``Cfg/etc/fstab/`` directory
might look like::

    info.xml
    fstab
    fstab.G50_server
    fstab.G99_fileserver
    fstab.H_host.example.com

See :ref:`server-selinux` for more information on the ``secontext``
attribute and managing SELinux in general.

Important attribute
===================

.. versionadded:: 1.1.0

Having important entries hardcoded into the various client tools has
worked relatively well so far. However, the ``important`` attribute
allows for a bit more flexibility, as the entries can be controlled via
the configuration specification.

+------------+-------------------+----------------------------------+---------+
| Field      | Possible values   | Description                      | Default |
+============+===================+==================================+=========+
| important  | true | false      | Important entries are            | false   |
|            |                   | installed first during client    |         |
|            |                   | execution                        |         |
+------------+-------------------+----------------------------------+---------+

.. _server-info-info-xml:

info.xml files
==============

``info.xml`` files add the ability to specify different sets of file
metadata on a group by group or host by host basis, or by path (for
files using :ref:`altsrc <server-plugins-structures-altsrc>`). These
files are XML, and work similarly to those used by :ref:`Rules
<server-plugins-generators-rules>` or :ref:`Pkgmgr
<server-plugins-generators-pkgmgr>`.

The following specifies a global set of permissions (root/sys/0651)
that differs from the set applied to clients in group ``webserver`` or
named "foo.example.com" (root/root/0652)::

    <FileInfo>
      <Client name='foo.example.com'>
        <Info owner='root' group='root' perms='0652'/>
      </Client>
      <Group name='webserver'>
        <Info owner='root' group='root' perms='0652'/>
      </Group>
      <Info owner='root' group='sys' perms='0651'/>
    </FileInfo>

.. versionadded:: 1.2.0

You can also use the ``<Path>`` directive to specify a different set
of permissions depending on the path of the file::

    <FileInfo>
      <Path name="/etc/bcfg2-web.conf">
        <Info owner="root" group="apache" perms="0640"/>
      </Path>
      <Path name="/etc/bcfg2-web.conf" negate="true">
        <Info owner="root" group="root" perms="0600"/>
      </Path>
    </FileInfo>
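
The following is an added example, not part of the Bcfg2 code base: a small audit script that walks an ``info.xml`` document, records which ``<Client>``, ``<Group>`` or ``<Path>`` selectors enclose each ``<Info>`` element, and reports risky ``perms`` values. The function names and the three checks (world-writable, setuid/setgid, ``sensitive`` entries readable by other) are assumptions of this example, as is treating ``sensitive`` as an ``<Info>`` attribute.

```python
import stat
import xml.etree.ElementTree as ET

# Constructed input: the Client/Group/global example from this page.
SAMPLE = """
<FileInfo>
  <Client name='foo.example.com'>
    <Info owner='root' group='root' perms='0652'/>
  </Client>
  <Group name='webserver'>
    <Info owner='root' group='root' perms='0652'/>
  </Group>
  <Info owner='root' group='sys' perms='0651'/>
</FileInfo>
"""

def walk(node, scope=()):
    """Yield (scope, attributes) for each <Info>, tracking enclosing selectors."""
    for child in node:
        if child.tag == "Info":
            yield scope, child.attrib
        elif child.tag in ("Client", "Group", "Path"):
            negated = child.get("negate", "false").lower() == "true"
            label = ("not " if negated else "") + child.tag + "=" + child.get("name", "")
            yield from walk(child, scope + (label,))

def audit(xml_text):
    """Return [(scope, perms, [problems])] for <Info> entries with risky modes."""
    findings = []
    for scope, info in walk(ET.fromstring(xml_text)):
        perms = info.get("perms", "0644")   # default from the field table
        if perms == "inherit":              # mode is taken from the file on disk
            continue
        mode = int(perms, 8)
        problems = []
        if mode & stat.S_IWOTH:
            problems.append("world-writable")
        if mode & (stat.S_ISUID | stat.S_ISGID):
            problems.append("setuid/setgid")
        if info.get("sensitive", "false").lower() == "true" and mode & stat.S_IROTH:
            problems.append("sensitive but world-readable")
        if problems:
            findings.append((" / ".join(scope) or "global", perms, problems))
    return findings

if __name__ == "__main__":
    for scope, perms, problems in audit(SAMPLE):
        print(scope, perms, ", ".join(problems))
```

Run against the first example in this section, it reports both ``0652`` entries, because the final octal digit 2 grants write access to other.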