* Martin, Jason H <[EMAIL PROTECTED]> > The problem is that root on the CFE master server could bypass all of > that. I'm confident that there are very straightforward ways to stop > non-CFE-master-root users from wreaking havoc, but then there is the > 'root' problem.
Do not grant the usual carte blanche root access (nor sudo shell/edit access), and keep the root password for the critical build/install servers in the control of a 3rd party group without admin access. Probably requires other procedures and planning to work right... > I'm thinking that a two-server system under different administrative > domains such that the servers have to agree on the rules and > repository before changes are applied sounds about right. Hopefully the systems will be quick to debug/setup, especially if the other group is slow/on vacation when something bad happens to the other server! _______________________________________________ Help-cfengine mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-cfengine
