Re: "cfrun -- -f file" problems!

[Mark . Burgess]

On 16 Jul, Tomas A. Maly wrote:
> Hi,
> 
> When I try to run cfrun with a custom file to have cfagent operate with 
> (cfrun -- -f rf.restart -D apache), the remote cfservd replies that it 
> will execute the cfagent command without the -f or --file. I took a look 
> at cfservd.c and it removes the -f and --file option! What gives?
> 
> So, assuming that cfagent doesn't need those parameters, I went ahead 
> and ran it like "cfagent cf.restart". Nothing happened, and the --help 
> option says to pass it --file or -f . So, why are these options being 
> removed by cfservd? I want to use a custom file so I don't need to worry 
> about any other classes (hard or custom) being run, because I only am 
> interested in one of them (as I pass with the -D parameter to cfagent).
> 
> Oddly, the -D parameter passed to cfagent does NOT get chopped off by 
> cfservd.
> 
> What am I doing wrong? Is there no capability to specify custom files to 
> operate with when remotely running cfagent, like for security reasons or 
> something? HELP!
> 
> Thanks a bunch.
> 
> Tomas Maly

You are not doing anything wrong. It would be a huge security risk
to allow anyone to run an arbitrary cfengine file remotely. They
could just put a file in /tmp and ask cfrun to run it. This feature
is meant to prevent such unauthorized files from being run.

If you need to switch on a special file in a special circumstance,
they include it in cfagent.conf under a class that is not normally
defined


import:

XXX::

   "myfile"


Then do

cfrun -- -- XXX

instead. That way you know what you are getting.

Mark

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~