Shellcommands and the Owner Attribute

From Cfwiki

The following is a code example that explains how the owner attribute works with shellcommands:

control:
                                                                                
    actionsequence = ( shellcommands )
                                                                                
shellcommands:
                                                                                
    "/usr/bin/id"
        owner=commnav
                                                                                
    "/usr/bin/env"
        owner=commnav

If you run this code you will see the resulting output:

*********************************************************************
 Main Tree Sched: shellcommands pass 1 @ Thu Sep 23 09:46:29 2004
*********************************************************************
                                                                                
cfengine:: Executing script /usr/bin/id...(timeout=0,uid=14580,gid=-1)
(Setting umask to 77)
cfengine::usr/bin/id: Changing uid to 14580
cfengine::usr/bin/id: uid=14580(commnav) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),2000(dba)
cfengine:: Finished script /usr/bin/id
cfengine:: Executing script /usr/bin/env...(timeout=0,uid=14580,gid=-1)
(Setting umask to 77)
cfengine::sr/bin/env: Changing uid to 14580
cfengine::sr/bin/env: CFINPUTS=/var/tmp/
cfengine::sr/bin/env: HOSTNAME=mir.perfectorder.com
cfengine::sr/bin/env: TERM=xterm
cfengine::sr/bin/env: SHELL=/bin/bash
cfengine::sr/bin/env: HISTSIZE=1000
cfengine::sr/bin/env: ANT_HOME=/usr/share/ant
cfengine::sr/bin/env: USER=root
cfengine::sr/bin/env: USERNAME=root
cfengine::sr/bin/env: MAIL=/var/spool/mail/root
cfengine::sr/bin/env: _=/usr/bin/env
cfengine::sr/bin/env: PWD=/var/tmp
cfengine::sr/bin/env: INPUTRC=/etc/inputrc
cfengine::sr/bin/env: JAVA_HOME=/usr/java/j2sdk1.4.2_04
cfengine::sr/bin/env: LANG=en_US.UTF-8
cfengine::sr/bin/env: SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
cfengine::sr/bin/env: HOME=/root
cfengine::sr/bin/env: SHLVL=2
cfengine::sr/bin/env: BASH_ENV=/root/.bashrc
cfengine::sr/bin/env: LOGNAME=root
cfengine::sr/bin/env: LESSOPEN=|/usr/bin/lesspipe.sh %s
cfengine::sr/bin/env: DISPLAY=localhost:12.0
cfengine::sr/bin/env: G_BROKEN_FILENAMES=1
cfengine:: Finished script /usr/bin/env

You will notice that the environment remained the that of root. This is because cfengine performs a setuid. You will also notice groups are that of the root user as well.

(Ed: Because of the way that cfengine truncates the pathname in the output above, it really does show 'cfengine::sr/bin/env')