help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfexecd and chmod($input_dir)


From: Darrell Fuhriman
Subject: Re: cfexecd and chmod($input_dir)
Date: Sat, 05 Jun 2004 18:06:33 -0700
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Reasonable Discussion, linux)

address@hidden writes:

> The directory must be trusted. Why do you care?

Who's the right one to decide what's trusted, the user, or the author of
the software?  In my opinion, it's the user.

Here's one reason you might care: you want your sysadmins to be
able to edit the files in inputs without being root.  Maybe it's
not a good idea, but that's for the end-user to decide.

If you want to enforce that sort of policy, it should be a
configuration option, not something hard-coded -- at the very
least the user should have the option of disabling it.

Darrell






reply via email to

[Prev in Thread] Current Thread [Next in Thread]