search

hercules-team / augeas

A configuration editing tool and API
http://augeas.net/
GNU Lesser General Public License v2.1
486 stars 199 forks source link

augtool fails as non-root #750

Open kasbert opened 2 years ago

kasbert commented 2 years ago

I have a augeas recipe javaconf.aug

set /augeas/load/xml/lens Properties.lns
set /augeas/load/xml/incl /java.properties
set /augeas/save overwrite
load
set /files/java.properties/JAVA_HOME '/usr/lib/jvm/java'
save
errors

and a file java.properties

JAVA_HOME=foobar

The target file (java.properties) is owned by nobody, but I have a group write access to the file.

sudo chown nobody java.properties
sudo chmod g+w java.properties

Running augtool tries to chown the file and fails.

augtool -r . -LA -f javaconf.aug 
error: Failed to execute command
saving failed (run 'errors' for details)
Error in /java.properties (replace_chown)
  Operation not permitted

augtool version is 1.10.1

raphink commented 2 years ago

Do you have write access to the directory?

kasbert commented 2 years ago

Yes, and the directory is owned by me.

arkadesOrg commented 2 years ago

Same here! I guess there is no way to bypass this behaviour. But Augeas should at least ignore replacechown if /augeas/save is set to 'newfile'_ or _AUG_SAVENEWFILE flag is set. The reason for this is that I do not want to change ownership of the original file away from root, otherwise things get to complicated. Also certain groups with write permission should be able to at least write changes into configurations, but it is impossible right now.

kasbert commented 2 years ago

I would change the behaviour when savemode=overwrite (or with a new savemode) so that the file contents is copied instead of renaming the file.