On Thu, Feb 09, 2006 at 03:20:59PM -0800, Atom Powers wrote: > > The problem with most of the ways I can think of to restrict this is > that you have to define a class on the client, and anybody that has > root access can look at what classes can be defined and spoof those > classes locally. So if you really want to prevent some config files > from getting out you have to use server-side ACLs of some kind.
That's exactly my point - see my reply to Ed's reply for a better explanation of what I meant, but you are exactly right - the server-side ACL can be done but it's pretty ugly - at least based on what I know about cfengine so far. Thanks! Misa _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
