Re: "stealing" config files?

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "stealing" config files?

From:	Atom Powers
Subject:	Re: "stealing" config files?
Date:	Thu, 9 Feb 2006 16:08:01 -0800

On 2/9/06, Mihai Ibanescu <misa+help-cfengine@redhat.com> wrote:
>The server-side ACL can be done
> but it's pretty ugly - at least based on what I know about cfengine so far.
>
> Thanks!
> Misa
>

That depends on your deployment method. I use svn to checkout files
from a WebDAV repository. So I could use apache's access controls to
restrict files and/or directories. You could also copy files from an
NFS mount and use the NFS access control features.

But no matter what you do on the server you still can't trust the
client. Even if you find a way to successfully resrict access to
certain files, there is still nothing preventing your users from
modifying update.conf or turning cfengine off entirely.

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

[Prev in Thread]

Current Thread

[Next in Thread]

"stealing" config files?, Mihai Ibanescu, 2006/02/09
- Re: "stealing" config files?, Atom Powers, 2006/02/09
  - Re: "stealing" config files?, Mihai Ibanescu, 2006/02/09
    - Re: "stealing" config files?, Atom Powers <=
- Re: "stealing" config files?, Ed Brown, 2006/02/09
  - Re: "stealing" config files?, Mihai Ibanescu, 2006/02/09
    - Re: "stealing" config files?, Ed Brown, 2006/02/09

Prev by Date: Re: "stealing" config files?
Next by Date: Re: "stealing" config files?
Previous by thread: Re: "stealing" config files?
Next by thread: Re: "stealing" config files?
Index(es):
- Date
- Thread