cfengine

[image of the Head of a GNU] [ English ]

1.6.x will be the last version of cfengine before radical changes.
Security
Safer umask behaviour. Allow setting global umask in control and per process in shellcommands, processes. In editfiles "Umask 022" sets umask for new file creation and script exection.

Possible to set chroot= and chdir= options when running shell commands and restarting processes. This allows one to create a `sandbox' around potentially dangerous processes.

Setuid now completely isolates processes and sets both real and effective user ids. Fixes problems with file generation ownership etc.

Searching
filter= tag added to main commands adds a new matching mechanism with inheritable patterns. This introduces a generic mechanism for pattern matching which will unify and simplify many file and process searches in the future. Allowed in copy,editfiles,files,tidy,processes 
filters:

        { filter2 # check if users set history to dev/null (up to no good)

        NameRegex:   ".*history"
        IsSymLinkTo: "/dev/null"
        Result:      "IsSymLinkTo.NameRegex"
        DefineClasses: "history"
        }
Linux
Mandrake, SuSE and Slackware classes defined
NAT
Facility for ignoring IP/name authentication for selected IP addresses for users using Network Address Translators. SkipVerify (IP list). Careful!! This could be a security risk. It generates implied trust.
Modules
Can now be passed arguments by enclosing the module in the actionsequence by quotes. e.g. 
actionsequence = ( 
                   files 
                   module:myplugin.specialclass 
                   "module:argplugin.specialclass arg1 arg2"
                   copy 
                 )
The modules return variables and classes which can be used in other actions.
Nested macros
Allowed by quotation, e.g. 
control: macro1 = ( "hello $(macro2)" )
Editfiles
Editing a directory now iterates over file tree recursively. Ignore,exclude, include and filter work here. Recurse "number" added.

EditMode "Binary" causes cfengine to examine binary files limited by editbinaryfilesize. A limited number of operations may be performed on files which are of binary type: WarnIfContainsString "x", WarnIfContainsFile "/filename" and ReplaceAll ..With... String replacement is only allowed if the replace string is of less than or equal length than the search string. If the replacement string is shorter, it is padded with NULL bytes.
Automake
courtesy of David Masterson
Repository
Can be set as a local override in copy,disable and editfiles 
repository=/mydir

or

{
 Repository "/mydir"
}
Copying
File times can now be preserved in copy with option timestamps=preserve/keep
Reserved variables
$(month) $(day) $(hr) $(min)
giving current time

In addition there is a contant trickle of minor bugs and configuration problems which get fixed.

[ English ]

Return to GNU's home page.

Please send FSF & GNU inquiries & questions to gnu@gnu.org. There are also other ways to contact the FSF.

Please send comments on these web pages to webmasters@gnu.org, send other questions to gnu@gnu.org.

Copyright (C) 2001 Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

Updated: $Date: 2001/07/20 07:06:26 $ $Author: brett $