[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Editfiles convergence bug
From: |
Andrews, Martin |
Subject: |
RE: Editfiles convergence bug |
Date: |
Tue, 18 Feb 2003 22:03:33 -0500 |
I still vote for something more generic if we go this route, say:
tabfile:
/etc/passwd
delim=:
fields="user passwd uid gid comment home shell"
index=user
key=root
set=password:big-secret
Then you could also do:
tabfile:
/etc/vfstab
delim=tab
fields="dev rdev path type fsck boot options"
index=path
key=/
options=logging
The latter is a bit contrived, but I think the idea is clear.
Martin
> -----Original Message-----
> From: Jamie Wilkinson [mailto:jamie@anchor.net.au]
> Sent: Tuesday, February 18, 2003 6:12 PM
> To: help-cfengine@gnu.org
> Subject: RE: Editfiles convergence bug
>
>
> Quoting "David J. Bianco" <bianco@jlab.org>:
>
> > On Tue, 2003-02-18 at 11:28, Andrews, Martin wrote:
> > > Special support for password entries seems wrong - though
> a relaxing of
> > the
> > > ReplaceAll might be in order.
> >
> > Just out of curiousity, in what way does it seem wrong? I
> don't really
> > see how it's different than having, say, a defaultroute: action to
> > manage the system routing table. In fact, I'd say that
> it's more apt
> > to be used. System accounts need managing, too, so I think
> an account:
> > action or something like it would be a valuable addition.
>
> Agreed. I was thinking about this on the way to work this
> morning, it would be
> very hadny to ensure certain system users and groups existed.
>
> I was thinking of "user:" but I guess that could then
> confuse the usage of
> "group:".. so "account:" soudns good.
>
> account:
>
> webserver::
>
> user apache
> type=system
> home=/var/www/html
>
> cvsserver::
>
> group dev
> type=user
>
> and so on.
>
> I imaging the "type" option to tell cfengine how to create an
> uid -- some OSes
> such as Debian and Red Hat have guidelines as to which uid
> ranges are reserved
> for locally created system users and for human users --
> letting cfengine know
> what sort is being created would allow it to create the user
> along with those
> guidelines.
>
> For example, on a Debian machine, cfengine might call
> "adduser" or "adduser
> --system" depending on that flag, whereas on Red Hat it might
> call "useradd -r"
> for a system user.
>
> Does that sound sane? I think it'll be useful in my
> deployment of cfengine.
>
> Jamie
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
>
RE: Editfiles convergence bug, Craig Nelson, 2003/02/19