Mark Burgess wrote:
On Thu, 2005-10-13 at 09:56 -0400, Jason Edgecombe wrote:
Hi everyone,
I work at a university, and we are currently using cfengine in our
college to manage some linux and Mac machines. In our college, there are
two admins including myself who are trusted and have total control of
the cfengine config.
Using cfengine has been proposed as being adopted by the entire
University for Mac administration. My concern is how do we inherit the
campus config and only let people in our college modify the config that
affects our machines.
For example, I am in the College of Arts & Sciences and I can only
change the cfengine configs for machines in my college. The college of
Architecture would only have access to their machines, but we both
inheirt the changes pushed out by central IT.
I simply want to limit the effects of accidental changes made by
different admins. It's not just newbieness that I'm worried about. I
don't have a full understanding of what my changes might do to another
college's computers.
Basically, how can we partition the cfengine set up between admins, but
still inherit a config from central it? Do we have to use different
cfengine servers for this?
Thanks,
Jason
Hi Jason - you don't have to use different cfengine servers for this,
but you could, The way to inherit things is to use overridable
"includes". One way to organize the permissions is to use CVS or
subversion and put the different files in different projects so that one
needs permission to edit them.
Mark
Thanks Mark,
I realize now that the difficult part isn't managing the college admin's
access to the cfengine configs. the hard part is how to properly define
the groups when ip ranges aren't useful and we have too many machines to
define groups by hand.
Jason
_______________________________________________
Help-cfengine mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-cfengine
