Wrong permissions on users home directories


Peter Wood

Sep 12, 2014, 4:02:59 PM
to Help CFEngine
CFEngine 3.6. I'm following the instructions on the web site to create users.

body common control {
    bundlesequence => { "mybundle" };
    inputs => {
        "/var/cfengine/inputs/def.cf",
        "/var/cfengine/inputs/lib/3.6/stdlib.cf",
    };
}

bundle agent mybundle {
  vars:
      "users" slist => { "jack" };
      "skel" string => "/etc/skel";

  users:
    !windows::
      "$(users)"
        policy => "present",
        home_dir => "/var/tmp/$(users)",
        home_bundle => home_skel($(users), $(skel));
}

bundle agent home_skel(user, skel)
{
  files:
    "/var/tmp/$(user)/."
      create => "true",
      copy_from => seed_cp($(skel)),
      perms => mog("600", "$(user)", "$(user)"),
      depth_search => recurse("inf");
}

The home directory is created with 0755-root-root permissions and ownership. The files copied from /etc/skel have the correct permissions.

What can I do to fix the directory permissions to 0700-user-group?

Thanks,

-- Peter

Tero Kantonen

Sep 12, 2014, 5:10:13 PM
to help-c...@googlegroups.com
Test it with "depth_search => recurse_with_base("inf");"

-Tero 

Peter Wood

Sep 12, 2014, 5:55:06 PM
to Tero Kantonen, Help CFEngine
It works. Thanks Tero.


Peter Wood

Sep 12, 2014, 8:08:12 PM
to Help CFEngine
The recurse_with_base("inf") worked to get the file permissions right.

The SELinux context though, is not correct on the created home directories. One has to run
"restorecon -R /home/<user name>" to get it fixed.

Do I have to set up CFEngine to run this command after creating the user, or is there a better way to deal with this?

Thanks,
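
An added example, not part of the thread and not CFEngine code: a Python check for the state reported above, where the files under the home directory are correct but the directory itself is still 0755 root:root. The name audit_home and the 0700/0600 limits for directories and files are assumptions, and the sample tree in the demo is constructed.

```python
import os
import stat
import tempfile


def audit_home(home, uid, gid, dir_mode=0o700, file_mode=0o600):
    """Return (path, problem) pairs for the home directory itself and everything below it."""
    findings = []

    def check(path, limit):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return  # permission bits on a symlink are not meaningful
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~limit:  # any bit set beyond the allowed mask
            findings.append((path, "mode %04o exceeds %04o" % (mode, limit)))
        if (st.st_uid, st.st_gid) != (uid, gid):
            findings.append((path, "owner %d:%d, expected %d:%d"
                             % (st.st_uid, st.st_gid, uid, gid)))

    # The base directory is checked explicitly: it is the one object a
    # children-only recursion never visits.
    check(home, dir_mode)
    for root, dirs, files in os.walk(home):  # does not follow symlinks
        for name in dirs:
            check(os.path.join(root, name), dir_mode)
        for name in files:
            check(os.path.join(root, name), file_mode)
    return findings


if __name__ == "__main__":
    # Constructed sample: a 0755 home holding one correctly restricted file.
    home = tempfile.mkdtemp()
    os.chmod(home, 0o755)
    rc = os.path.join(home, ".bashrc")
    open(rc, "w").close()
    os.chmod(rc, 0o600)
    owner = os.stat(home)
    for path, problem in audit_home(home, owner.st_uid, owner.st_gid):
        print(path, problem)
```

Run against a real account, the uid and gid would come from the passwd entry (for example via `pwd.getpwnam`), and an empty result means the base directory and its contents agree with the intended policy.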