Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19246,19259#msg-19259

One of the nice features of the run agent is that you can have your operators use it on remote hosts without giving them access, and it limits them, in theory, to just causing the agent to run. In the current state an operator could append an extra command of his choosing. This would be run with the same privilege as the agent, usually root. This tips the balance of security a bit too far in my opinion. Infosec folks may be unhappy and cause you grief.
