Various file properties for entries served by the Cfg, TGenshi, TCheetah, and SSHbase plugins are controlled through the use of :info, info, or info.xml files.
By default, these plugins are set to write files to the filesystem with owner root, group root, and mode 644 (read and write for owner, read only for group and other). These options, and a few others, can be overridden through use of :info or info files. Each config file directory can have a :info or info file if needed. The possible fields in an info file are:
Field | Possible values | Description | Default |
---|---|---|---|
encoding: | ascii | base64 | Encoding of the file. Use base64 for binary files | ascii |
group: | Any valid group | Sets group of the file | root |
important: | true | false | Important entries are installed first during client execution | false |
owner: | Any valid user | Sets owner of the file | root |
paranoid: | true | false | Backup file before replacement? | false |
perms: | Numeric file mode | ‘inherit’ | Sets the permissions of the file (or inherits from the files on disk if set to inherit) | 0644 |
sensitive: | true | false | The contents of sensitive entries aren’t included in reports | false |
A sample info file for CGI script on a web server might look like:
owner: www
group: www
perms: 0755
Back to the fstab example again, our final Cfg/etc/fstab/ directory might look like:
:info
fstab
fstab.G50_server
fstab.G99_fileserver
fstab.H_host.example.com
New in version 1.1.0.
Having important entries hardcoded into the various client tools has worked relatively well so far. However, this method allows for a bit more flexibility as the entries can be controlled via the configuration specification.
Field | Possible values | Description | Default |
---|---|---|---|
important: | true | false | Important entries are installed first during client execution | root |
info.xml files add the ability to specify different sets of file metadata on a group by group or host by host basis, or by path (for files using altsrc). These files are XML, and work similarly to those used by Rules or Pkgmgr.
The following specifies a different global set of permissions (root/sys/0651) than on clients in group webserver or named “foo.example.com” (root/root/0652):
<FileInfo>
<Client name='foo.example.com'>
<Info owner='root' group='root' perms='0652'/>
</Client>
<Group name='webserver'>
<Info owner='root' group='root' perms='0652'/>
</Group>
<Info owner='root' group='sys' perms='0651'/>
</FileInfo>
New in version 1.2.0.
You can also use the <Path> directive to specify a different set of permissions depending on the path of the file:
<FileInfo>
<Path name="/etc/bcfg2-web.conf">
<Info owner="root" group="apache" perms="0640"/>
</Path>
<Path name="/etc/bcfg2-web.conf" negate="true">
<Info owner="root" group="root" perms="0600"/>
</Path>
</FileInfo>