On 2/9/06, Mihai Ibanescu <[EMAIL PROTECTED]> wrote: >The server-side ACL can be done > but it's pretty ugly - at least based on what I know about cfengine so far. > > Thanks! > Misa >
That depends on your deployment method. I use svn to checkout files from a WebDAV repository. So I could use apache's access controls to restrict files and/or directories. You could also copy files from an NFS mount and use the NFS access control features. But no matter what you do on the server you still can't trust the client. Even if you find a way to successfully resrict access to certain files, there is still nothing preventing your users from modifying update.conf or turning cfengine off entirely. -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers-- _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
