Re: "stealing" config files?

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "stealing" config files?

From:	Mihai Ibanescu
Subject:	Re: "stealing" config files?
Date:	Thu, 9 Feb 2006 18:59:15 -0500
User-agent:	Mutt/1.4.2.1i

On Thu, Feb 09, 2006 at 03:20:59PM -0800, Atom Powers wrote:
> 
> The problem with most of the ways I can think of to restrict this is
> that you have to define a class on the client, and anybody that has
> root access can look at what classes can be defined and spoof those
> classes locally. So if you really want to prevent some config files
> from getting out you have to use server-side ACLs of some kind.

That's exactly my point - see my reply to Ed's reply for a better explanation
of what I meant, but you are exactly right - the server-side ACL can be done
but it's pretty ugly - at least based on what I know about cfengine so far.

Thanks!
Misa

[Prev in Thread]

Current Thread

[Next in Thread]

"stealing" config files?, Mihai Ibanescu, 2006/02/09
- Re: "stealing" config files?, Atom Powers, 2006/02/09
  - Re: "stealing" config files?, Mihai Ibanescu <=
    - Re: "stealing" config files?, Atom Powers, 2006/02/09
- Re: "stealing" config files?, Ed Brown, 2006/02/09
  - Re: "stealing" config files?, Mihai Ibanescu, 2006/02/09
    - Re: "stealing" config files?, Ed Brown, 2006/02/09

Prev by Date: Re: "stealing" config files?
Next by Date: Re: "stealing" config files?
Previous by thread: Re: "stealing" config files?
Next by thread: Re: "stealing" config files?
Index(es):
- Date
- Thread