An example, various business units have their own developers/admins that require root on their own servers which run in their own SILOs.
The right way of deploying RPMs in house is through an intermediary utility such as opsware SA. Through that, we can reproduce and keep the state of the box consistent. If the box was to die, a new one comes up online and the same RPMs+configs (via software policy created on opsware) will be installed - end of story - box is ready to be used. IF we loosen the access now with spacewalk, then rogue elements will take shortcuts and quickly deploy this or that RPM - because its convenient. In the long term - not easily reproducible and will create a mess - especially when count of servers is in 1000s. I agree there are many ways to poke a hole and get around YUM, but restricting YUM via spacewalk - would at least give some piece of mind - knowing - no one deployed and installed something that would not be easily reproducible in the future. Its a business mindset - i don't disagree with - and i have to work with it. ________________________________________ From: [email protected] [[email protected]] On Behalf Of Brian Collins [[email protected]] Sent: Thursday, June 07, 2012 1:48 PM To: [email protected] Subject: Re: [Spacewalk-list] how to block yum usage on client systems > My issues is identical to yours. > > I'm afraid to give users YUM access as they will begin Installing stuff left > and > right, bypassing the other system we use for package deployment - HP SA > (aka Opsware). If they have root, they can also just go grab tarballs, make them, and install them. Or they can wget pre-built RPMs and install them using 'RPM'. The real problem is that you have users with root access whom you do not trust. THAT is the problem to fix. Either trust them or remove root from them. Also, what software might they install that you do not want them having? --Brian Collins _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
