Avi Miller <[email protected]> writes:
> Douglas Garstang wrote:
>
>> I need to pass sensitive options, ie passwords, on the command line,
>> and don't want them to appear in log files.
>
> I work around this by storing passwords in scripts distributed by File{}
> resources that are mode 400 to root and then Exec'ing the script. That way,
> all the log/catalog sees is the script being run, but not the actual
> password itself.
That still exposes it to anyone on the machine at all[1], since they can read
it from the command line of the running process; the same is true of putting
it in the environment.
You really want the process to read it from a secure file, or to wrap it in
expect or something, if you don't trust local users.[2]
> Though, if someone has permission to read /var/log/messages, then they can
> probably also read root scripts, so YMMV.
I was going to say the same thing, then I thought about the number of places
that ship logs to something: a puppet dashboard, a central logging server, or
somewhere similar, from which you have less control over this data.
Daniel
Footnotes:
[1] ...by default; appropriate SELinux rules might be able to restrict
this, I guess, but I don't know for sure.
[2] ...which, of course, you shouldn't, because doing that turns a remote
any-user-account exploit into ownership of a second account, perhaps
root, and so on.
--
✣ Daniel Pittman ✉ [email protected] ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
