copy action=warn doesn't stop user/group update

[Martin, Jason H]

The SF bugtracker entry for this is at http://www.6URL.com/JH7.

Cfengine 2.1.10 and 2.1.14 is changing the user / group
of a file defined in a copy statement even though the
stanza defines action=warn.

I am seeing this on Solaris under two versions of CFE
(both I have installed). It does this only if
type=checksum is defined and the contents match.

The test scenario is as follows:
Create files zfile1,zfile2, and zfile3 in /tmp. Chown
them to some random user and put the contents 'TEST' in
them. Copy zfile1 and zfile2 to
/var/cfengine/repository/demo.

Modify /tmp/zfile3 and change the contents to "TEST2".

Use the following stanzas:

copy:
any::
/var/cfengine/repository/demo/zfile
dest=/tmp/zfile
mode=0644
owner=root
group=sys
action=warn
type=checksum
inform=true


/var/cfengine/repository/demo/zfile2
dest=/tmp/zfile2
mode=0644
owner=root
group=sys
action=warn
inform=true


/var/cfengine/repository/demo/zfile2
dest=/tmp/zfile3
mode=0644
owner=root
group=sys
action=warn
type=checksum
inform=true


When cfagent is run with the -qv options, the following
output will be generated in the logfile:

Checking copy from
localhost:/var/cfengine/repository/demo/zfile to /tmp/zfile
cfengine:XXX: Owner of /tmp/zfile was 10110, setting to 0
cfengine:XXX: Group of /tmp/zfile was 1, setting to 3
Checking copy from
localhost:/var/cfengine/repository/demo/zfile2 to
/tmp/zfile2
cfengine:XXX: Image file /tmp/zfile2 out of date
(should be copy of /var/cfengine/repository/demo/zfile2)
Checking copy from
localhost:/var/cfengine/repository/demo/zfile2 to
/tmp/zfile3
.

The owner / group of /tmp/zfile will now be root:sys,
even though the action was 'warn'.

This means the problem occurs when:
*action = warn
*type=checksum
*the contents of the file are correct.

I believe the problem is ImageCopy, CheckCopiedFile,
and CheckExistingFile. They are all hardcoding the
action flag to 'fixall' regardless of the value in the
copy stanza. 

-d2 output of the problem occuring is below.
Checking copy from
localhost:/var/cfengine/repository/demo/zfile to /tmp/zfile
Authentic connection verified
GetLock(copy,_var_cfengine_repository_demo_zfile__tmp_zfile,time=1117148512),
ExpireAfter=30, IfElapsed=1
GetLastLock()
CheckOldLock(lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile)
Unable to find lock data
lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile
SetLock(lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile)
PutLock(lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile)
Found no lock
[lock.cfagent_conf.XXX.copy._var_cfengine_repository_demo_zfile__tmp_zfile]:
DB_NOTFOUND: No matching key/data pair found
Directory for /tmp/zfile exists. Okay
CheckImage (source=/var/cfengine/repository/demo/zfile
destination=/tmp/zfile)
ImageCopy(/var/cfengine/repository/demo/zfile,/tmp/zfile,+644,-7133)
ExpandVarstring(localhost)
IgnoredOrExcluded(/var/cfengine/repository/demo/zfile)
file /tmp/zfile class any was not excluded
Destination file /tmp/zfile exists
CompareCheckSums(/var/cfengine/repository/demo/zfile,/tmp/zfile)
Compare checksums on
localhost:/var/cfengine/repository/demo/zfile & /tmp/zfile
ChecksumFile(m,/var/cfengine/repository/demo/zfile)
ChecksumFile(m,/tmp/zfile)
Files were identical
CheckCopiedFile(/tmp/zfile,+644,-7133)
cfengine:XXX: Checking fs-object /tmp/zfile
CheckExistingFile(+644,-7133)
CheckOwner: 10110
uid 0
(Change owner to uid 0 if possible)
Change group to gid 3 if possible)
cfengine:XXX: Owner of /tmp/zfile was 10110, setting to 0
cfengine:XXX: Group of /tmp/zfile was 1, setting to 3
File okay, newperm = 644, stat = 644
Image file is up to date: /tmp/zfile 

Thank you,
-Jason Martin