Re: "stealing" config files?

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "stealing" config files?

From:	Ed Brown
Subject:	Re: "stealing" config files?
Date:	Thu, 09 Feb 2006 17:19:10 -0700

On Thu, 2006-02-09 at 18:56 -0500, Mihai Ibanescu wrote:

> OK, but once I got the common files, I can get the other team's files just by
> defining myself as belonging to the class of the other team, can't I?

No, you can't, precisely because access is granted to hosts, not to
classes. 

>  It just struck me as strange that
> access control on the server side is not done at the class level too

The server knows nothing about the classes that are true on any client.
It doesn't need to.

> Based on my understanding,
> cfengine trusts the client not to request files it doesn't need,

No, there is no such trust.  cfservd.conf determines what a client has
access to.  The client is free to request only those files.  All other
requests are denied.  

-Ed

[Prev in Thread]

Current Thread

[Next in Thread]

"stealing" config files?, Mihai Ibanescu, 2006/02/09
- Re: "stealing" config files?, Atom Powers, 2006/02/09
  - Re: "stealing" config files?, Mihai Ibanescu, 2006/02/09
    - Re: "stealing" config files?, Atom Powers, 2006/02/09
- Re: "stealing" config files?, Ed Brown, 2006/02/09
  - Re: "stealing" config files?, Mihai Ibanescu, 2006/02/09
    - Re: "stealing" config files?, Ed Brown <=

Prev by Date: Re: "stealing" config files?
Next by Date: Re: a more specific question
Previous by thread: Re: "stealing" config files?
Next by thread: error messages
Index(es):
- Date
- Thread