On Wed, Jun 15, 2011 at 5:43 AM, Alexander Fortin < [email protected]> wrote:
> Hi folks, I've finally found the time (and the will!) to test puppet and > thanks to this ml and other great resources like docs.puppetlabs.com and > #puppet on freenode, I must admit it's much easier than what I thought. It's > evident this is a great community indeed, nice job everyone! > > I've got a doubt and I wasn't able to find documentation about, so I > thought it was time to try out this ML too: I'd like to manage sensitive > data like PEM certs (to manage openvpn services for instance) and I'm > puzzled by this doubt: is it possible for a client to "steal" information > from the master? I mean, can mynode see modules/mymodule/files/mysecretfile > even if the node 'mynode' is not including that module? By default, yes. It is possible to construct an API call to access fileserver data that hasn't been explicitly assigned to that node. However you can construct your own ACLs to restrict access to certain files using auth.conf http://docs.puppetlabs.com/guides/rest_auth_conf.html For such data, I would create a specific module or custom fileserver mount, and restrict access to it explicitly. http://docs.puppetlabs.com/guides/file_serving.html -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
