Standalone CFEngine Configurations

CFEngine expects to run from a directory of configuration files, either /var/cfengine/inputs or the user's ~/.cfagent/inputs directory. These areas work well for system-wide configuration, run via cfagent or cfrun, and for user-specific configuration, but are less suited to testing configuration. Standalone configuration files, independent of the primary directories, can be written, though they require some care in their construction. Such files can be used to test configuration behavior without any influence from, and with less risk to, the primary configuration areas.

Example Configuration

The replace-link-with-file.cf configuration file shows how CFEngine 2 must be invoked to run a standalone configuration. Note how pwd(1) is required to construct fully qualified paths, both for invoking the configuration, and to define paths inside the configuration.

$ cfagent -qKf `pwd`/replace-link-with-file.cf
cfengine:mu: Cannot access file/directory /var/tmp/real
cfengine:mu: Creating file /var/tmp/real, mode = 600
cfengine:mu: Linking files /var/tmp/link -> /var/tmp/real
cfengine:mu: Copying from localhost:/var/tmp/real
$ rm real link

The /tmp and /var/tmp temporary areas should not be used. The above example is an insecure use of /var/tmp. For more information about this common and woefully repeated security problem, peruse Avoid /tmp use on Unix and Perl and Temporary Files. Test instead under a dedicated directory: I either use ~/tmp, restricted only to myself, or a directory under version control that contains other reference standalone CFEngine configurations.
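
One way to set up such a dedicated test directory, as an added example that is not part of the original page: the function name safe_test_dir and the cftest.XXXXXX prefix are assumptions made here. It refuses a base directory that is a symbolic link, is not owned by the caller, or grants group or other access, then creates a fresh per-run subdirectory.

```sh
#!/bin/sh
# Added example: prepare a private scratch directory for standalone
# CFEngine tests instead of writing under /tmp or /var/tmp.

# safe_test_dir [BASE]: create BASE (default ~/tmp) if needed, verify it is
# a real directory owned by the caller with no group/other access, then
# create a fresh per-run subdirectory and print its fully qualified path.
safe_test_dir() {
    base=${1:-"$HOME/tmp"}
    # Reject a symbolic link: it could redirect writes somewhere else.
    if [ -L "$base" ]; then
        echo "refusing $base: is a symbolic link" >&2; return 1
    fi
    if [ ! -d "$base" ]; then
        # umask 077 so the directory is never created group/world accessible.
        (umask 077 && mkdir -p "$base") || return 1
    fi
    # -O: file is owned by the effective user ID of this process.
    if [ ! -O "$base" ]; then
        echo "refusing $base: not owned by you" >&2; return 1
    fi
    # In a mode string such as drwx------, columns 5-10 are group/other bits.
    perms=$(ls -ld "$base" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $base: group/other access ($perms)" >&2; return 1
    fi
    # mktemp -d creates the directory atomically, with mode 0700.
    mktemp -d "$base/cftest.XXXXXX"
}

# Usage, keeping the fully qualified -f path the page calls for:
#   dir=$(safe_test_dir) || exit 1
#   cp replace-link-with-file.cf "$dir"/
#   cfagent -qKf "$dir/replace-link-with-file.cf"
```

The paths defined inside the configuration must also point into the directory this prints, rather than at /var/tmp.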