help-cfengine

"stealing" config files?


From: Mihai Ibanescu
Subject: "stealing" config files?
Date: Thu, 9 Feb 2006 16:59:34 -0500
User-agent: Mutt/1.4.2.1i

Hello,

I have only recently started to evaluate cfengine, so please be patient with
me :-)

I am considering using cfengine for managing desktop machines. This would be a
network deployment - a central cfengine server would manage the clients'
configuration files / profiles / etc. I am expecting a large number of client
machines and a reasonable number of classes (including the possibility of
storing sensitive data on the server).

Based on my understanding of cfengine, cfagent.conf (and any files in
master_cfinput) will be synchronized to all clients. Then, the local cfagent
will determine which files it needs, based on the classes the machine belongs
to.

This means that someone with root access to a client has full access to the
configuration of all hosts, and could potentially use --define to get access
to classes their machine doesn't belong to - and consequently to files it
shouldn't get.

Looking at the documentation, on the server-side, admit clauses in cfservd.conf
grant permission by host name, not by class; hence, there's no check that a
cfagent requesting a particular file is entitled to receive it.

Is that correct? If so, is there a way to prevent this from happening?

Thanks,
Misa



