[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Splitting areas of responsibility
From: |
Brendan Strejcek |
Subject: |
Re: Splitting areas of responsibility |
Date: |
Fri, 26 Aug 2005 13:26:05 -0500 |
User-agent: |
Mutt/1.5.6+20040818i |
Martin, Jason H wrote:
> Is there any way to have CFE run as a particular non-root user
> (presumably once per user in question) and execute a different config
> file for each? Or, is there any trick to allowing someone to write a
> config file that can't make any root-level changes?
cfagent will run fine an a unprivileged user. The unprivileged user will
need to create keys, even if they are not using network copy statements.
It seems to me like it would be easier to not involve cfservd and
your central cfengine repository, and just let them run their own
scripts. If you choose this model, cfagent will be like any other script
interpreter. Remember to use "-f ./some/path" with cfagent.
That user can then use standard automation techniques, like cron, if
they want cfagent to be run periodically.
I have never used this in the way described above, but I often use a
similar setup when I want to test out bits of cfengine syntax.