Cfengine 3: permission denied when copying to symlink
05 Jun 2014Today at $WORK I upgraded Cfengine on a server to 3.5.3. After that, I suddenly started seeing a lot of errors like this:
2014-06-05T13:52:47-0700 error: NetCopy to destination 'cfengine.example.com:/opt/sources/foo.tar.bz2.cfnew' security - failed attempt to exploit a race? (Not copied). (open: Permission denied)
2014-06-05T13:52:47-0700 error: /test/methods/'Copy /opt/'copy_opt/files/'/opt/: Was not able to copy '/var/cfengine/files/ALL/opt/sources/foo.tar.bz2' to '/opt/sources/foo.tar.bz2'
Running in verbose mode gave a bit more info, but nothing helpful:
2014-06-05T13:44:12-0700 verbose: Destination file '/opt/sources/foo.tar.bz2' already exists
2014-06-05T13:44:12-0700 info: Cannot open file for hashing '/opt/sources/foo.tar.bz2'. (fopen: Permission denied)
2014-06-05T13:44:12-0700 verbose: Image file '/opt/sources/foo.tar.bz2' has a wrong digest/checksum, should be copy of '/var/cfengine/files/ALL/opt/sources/foo.tar.bz2'
2014-06-05T13:44:12-0700 error: NetCopy to destination 'cfengine.example.com:/opt/sources/foo.tar.bz2.cfnew' security - failed attempt to exploit a race? (Not copied). (open: Permission denied)
2014-06-05T13:44:12-0700 error: /test/methods/'Copy /opt'/copy_opt_files/'/opt': Was not able to copy '/var/cfengine/files/ALL/o\ pt/sources/foo.tar.bz2' to '/opt/sources/foo.tar.bz2'
Wasn't SELinux, wasn't secret attributes...turned out that the new(er) version of Cf3 didn't like the fact that /opt was a symlink to /usr/opt. I'd set that up long ago and it was no longer needed, so I was free to just recreate it:
rm -rf /usr/opt
mkdir /opt
cf-agent -KI # Which populates it as needed.
Add a comment:
Name and email required; email is not displayed.
Related Posts
QRP weekend 08 Oct 2018
Open Source Cubesat Workshop 2018 03 Oct 2018
mpd crash? try removing files in /var/lib/mpd/ 11 Aug 2018