help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Editfiles convergence bug

From: Andrews, Martin
Subject: RE: Editfiles convergence bug
Date: Tue, 18 Feb 2003 22:03:33 -0500 
I still vote for something more generic if we go this route, say:

tabfile:
  /etc/passwd
    delim=:
    fields="user passwd uid gid comment home shell"
    index=user
    key=root
    set=password:big-secret


Then you could also do:

tabfile:
  /etc/vfstab
    delim=tab
    fields="dev rdev path type fsck boot options"
    index=path
    key=/
    options=logging

The latter is a bit contrived, but I think the idea is clear.

Martin

> -----Original Message-----
> From: Jamie Wilkinson [mailto:jamie@anchor.net.au]
> Sent: Tuesday, February 18, 2003 6:12 PM
> To: help-cfengine@gnu.org
> Subject: RE: Editfiles convergence bug
> 
> 
> Quoting "David J. Bianco" <bianco@jlab.org>:
> 
> > On Tue, 2003-02-18 at 11:28, Andrews, Martin wrote:
> > > Special support for password entries seems wrong - though 
> a relaxing of
> > the
> > > ReplaceAll might be in order. 
> > 
> > Just out of curiousity, in what way does it seem wrong?  I 
> don't really
> > see how it's different than having, say, a defaultroute: action to 
> > manage the system routing table.  In fact, I'd say that 
> it's more apt
> > to be used.  System accounts need managing, too, so I think 
> an account:
> > action or something like it would be a valuable addition.
> 
> Agreed.  I was thinking about this on the way to work this 
> morning, it would be
> very hadny to ensure certain system users and groups existed.
> 
> I was thinking of "user:"  but I guess that could then 
> confuse the usage of
> "group:".. so "account:" soudns good.
> 
> account:
> 
>     webserver::
> 
>         user apache
>             type=system
>             home=/var/www/html
> 
>     cvsserver::
>         
>         group dev
>             type=user
> 
> and so on.
> 
> I imaging the "type" option to tell cfengine how to create an 
> uid -- some OSes
> such as Debian and Red Hat have guidelines as to which uid 
> ranges are reserved
> for locally created system users and for human users -- 
> letting cfengine know
> what sort is being created would allow it to create the user 
> along with those
> guidelines.
> 
> For example, on a Debian machine, cfengine might call 
> "adduser" or "adduser
> --system" depending on that flag, whereas on Red Hat it might 
> call "useradd -r"
> for a system user.
> 
> Does that sound sane?  I think it'll be useful in my 
> deployment of cfengine.
> 
> Jamie
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]