Hello, I have only recently started to evaluate cfengine, so please be patient with me :-)
I am considering using cfengine for managing desktop machines. This would be a network deployment - a central cfengine server would manage the clients' configuration files / profiles / etc. I am expecting a large number of client machines and a reasonable number of classes (including the possiblity of storing sensitive data on the server). Based on my understanding of cfengine, cfagent.conf (and any files in master_cfinput) will be synchronized to all clients. Then, the local cfagent will determine which files it needs, based on the classes the machine belongs to. This means that someone with root access to a client has full access to the configuration of all hosts, and could potentially use --define to get access to classes their machine doesn't belong to - and consequently to files it shouldn't get. Looking at the documentation, on the server-side, admit clauses in cfservd.conf grant permission by host name, not by class; hence, there's no check that a cfagent requesting a particular file is entitled to receive it. Is that correct? If so, is there a way to prevent this from happening? Thanks, Misa _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
