On Thu, 2006-02-09 at 18:56 -0500, Mihai Ibanescu wrote: > OK, but once I got the common files, I can get the other team's files just by > defining myself as belonging to the class of the other team, can't I?
No, you can't, precisely because access is granted to hosts, not to classes. > It just struck me as strange that > access control on the server side is not done at the class level too The server knows nothing about the classes that are true on any client. It doesn't need to. > Based on my understanding, > cfengine trusts the client not to request files it doesn't need, No, there is no such trust. cfservd.conf determines what a client has access to. The client is free to request only those files. All other requests are denied. -Ed _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
