Simon Strange wrote:
> Hi,
>
> This might be a silly question but if I have a fileserver configured like
> this:
>
> [files]
> path = /etc/puppet/files
> allow *
>
> Does that mean:
>
> 1. Anybody in the world (who can reach my puppet master) can view/pull
> files?
>
> 2. Only the clients who've been signed via the "puppetca --sign"
> process can view/pull files?

There are two layers of granularity:

1. Only clients authenticated via certificate can connect.

2. Only clients which are authenticated AND specifically allowed access to
the file server mount can retrieve files.

Regards

James Turnbull

--
Author of:
* Pro Linux Systems Administration (http://tinyurl.com/linuxadmin)
* Pulling Strings with Puppet (http://tinyurl.com/pupbook)
* Pro Nagios 2.0 (http://tinyurl.com/pronagios)
* Hardening Linux (http://tinyurl.com/hardeninglinux)

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
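
As an added example (not part of the original thread and not Puppet's own code), this Python audit reads a fileserver.conf and reports which mounts are open to every certificate-authenticated client through `allow *`. The sample config is constructed: the `secrets` and `staging` mounts and the `example.com` names are hypothetical, and the parser tolerates the `path = ...` form quoted in the question.

```python
import re

# Constructed sample: the [files] mount from the question plus two
# hypothetical mounts for contrast.
SAMPLE = """\
[files]
  path = /etc/puppet/files
  allow *

[secrets]
  path /etc/puppet/secrets
  allow *.example.com
  deny  test.example.com

[staging]
  path /etc/puppet/staging   # no allow line at all
"""

DIRECTIVE = re.compile(r"(path|allow|deny)(?:\s*=\s*|\s+)(.+)")

def parse_mounts(text):
    """Return {mount: {"path": str or None, "allow": [...], "deny": [...]}}."""
    mounts, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = mounts.setdefault(
                header.group(1), {"path": None, "allow": [], "deny": []})
            continue
        m = DIRECTIVE.fullmatch(line)
        if m is None or current is None:
            raise ValueError(f"line {lineno}: unexpected {line!r}")
        key, value = m.group(1), m.group(2).strip()
        if key == "path":
            current["path"] = value
        else:
            current[key] += [v.strip() for v in value.split(",") if v.strip()]
    return mounts

def audit(text):
    """Classify each mount by how wide its allow rules are."""
    report = {}
    for name, mount in parse_mounts(text).items():
        if "*" in mount["allow"]:
            # Layer 2 is wide open; only the certificate check (layer 1) remains.
            report[name] = "any-authenticated-client"
        else:
            report[name] = "restricted" if mount["allow"] else "no-allow-rule"
    return report
```

Mounts reported as `any-authenticated-client` rely on certificate signing alone, so every signed node can pull everything under that path.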
