Re: "stealing" config files?

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "stealing" config files?

From:	Atom Powers
Subject:	Re: "stealing" config files?
Date:	Thu, 9 Feb 2006 15:20:59 -0800

They way you deploy the configuration to the clients is entirely up to
you. The "default" way to do is to copy all files to all clients using
a "copy" statement in update.conf; which will show any root user all
the files. But you can easily restrict this by creating classes and
seperate copy definitions in you update.conf.

I keep all my files in a subversion repository, and although I don't,
I could easily only checkout the files that are required by each host.

Others may keep their files on an NFS volume and use server ACLs to
restrict access.

The problem with most of the ways I can think of to restrict this is
that you have to define a class on the client, and anybody that has
root access can look at what classes can be defined and spoof those
classes locally. So if you really want to prevent some config files
from getting out you have to use server-side ACLs of some kind.

On 2/9/06, Mihai Ibanescu <misa+help-cfengine@redhat.com> wrote:
> Hello,
>
> I have only recently started to evaluate cfengine, so please be patient with
> me :-)
>
> I am considering using cfengine for managing desktop machines. This would be a
> network deployment - a central cfengine server would manage the clients'
> configuration files / profiles / etc. I am expecting a large number of client
> machines and a reasonable number of classes (including the possiblity of
> storing sensitive data on the server).
>
> Based on my understanding of cfengine, cfagent.conf (and any files in
> master_cfinput) will be synchronized to all clients. Then, the local cfagent
> will determine which files it needs, based on the classes the machine belongs
> to.
>
> This means that someone with root access to a client has full access to the
> configuration of all hosts, and could potentially use --define to get access
> to classes their machine doesn't belong to - and consequently to files it
> shouldn't get.
>
> Looking at the documentation, on the server-side, admit clauses in 
> cfservd.conf
> grant permission by host name, not by class; hence, there's no check that a
> cfagent requesting a particular file is entitled to receive it.
>
> Is that correct? If so, is there a way to prevent this from happening?
>
> Thanks,
> Misa
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
>

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

[Prev in Thread]

Current Thread

[Next in Thread]

"stealing" config files?, Mihai Ibanescu, 2006/02/09
- Re: "stealing" config files?, Atom Powers <=
  - Re: "stealing" config files?, Mihai Ibanescu, 2006/02/09
    - Re: "stealing" config files?, Atom Powers, 2006/02/09
- Re: "stealing" config files?, Ed Brown, 2006/02/09
  - Re: "stealing" config files?, Mihai Ibanescu, 2006/02/09
    - Re: "stealing" config files?, Ed Brown, 2006/02/09

Prev by Date: RE: cfservd under Solaris 10 SMF
Next by Date: Re: "stealing" config files?
Previous by thread: "stealing" config files?
Next by thread: Re: "stealing" config files?
Index(es):
- Date
- Thread