> Do not grant the usual carte blanche root access (nor sudo > shell/edit access), and keep the root password for the > critical build/install servers in the control of a 3rd party > group without admin access. Probably requires other > procedures and planning to work right... The 3rd party group would then have root and be able to make the offending changes.
> > I'm thinking that a two-server system under different > > domains such that the servers have to agree on the rules and > > repository before changes are applied sounds about right. > Hopefully the systems will be quick to debug/setup, > especially if the other group is slow/on vacation when > something bad happens to the other server! Of course it would be in a failover setup and not dependant on just one person :> -Jason Martin _______________________________________________ Help-cfengine mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-cfengine
