Re: cfexecd and chmod($input_dir)

[skaar]

* Darrell Fuhriman (darrell@grumblesmurf.net) [040605 21:06]:
> Mark.Burgess@iu.hio.no writes:
> 
> > The directory must be trusted. Why do you care?
> 
> Who's the right one to decide what's trusted, the user, or the author of
> the software?  In my opinion, it's the user.

While this is a perfectly valid observeration, all software that tries
to implement levels of security, will have pre-requisites, such as 
permissions on files and directories.

What is less than optimal is that cfengine has a tendency to silently
do so under your feet, trying to do the "right thing", but failing to
appropriately inform about it.

> Here's one reason you might care: you want your sysadmins to be
> able to edit the files in inputs without being root.  Maybe it's
> not a good idea, but that's for the end-user to decide.

To this you could just as easily argue that the files distributed by
cfservd should never be edited in place, and that a mechanism to 
provide non-privileged updates to files could be implemented by other
means (many places are doing this with CVS).

> If you want to enforce that sort of policy, it should be a
> configuration option, not something hard-coded -- at the very
> least the user should have the option of disabling it.

There are more of these in cfengine, such as file permissions during
recursive copy and the default deletion of search lines with resolve.

-- 
/skaar

+-------------------------------------------------------------------+
+----- skaar@aol.net                   kent skaar   ----------------+
+----- internet services: infrastructure security   ----------------+
+-------------------------------------------------------------------+