> Jeremy Mates
> * Martin, Jason H <[EMAIL PROTECTED]>
> > Along the same lines, has anyone implemented a system such that there
> > is no one person capable of pushing out changes? I'm talking about a
> > system analogous to the nuclear missile keys that require 2 people to
> > agree to launch.
>
> One approach would be to store all the configuration under CVS, then use
> a taginfo script to restrict who can apply tags to a file[1]. This way,
> anyone with CVS rights could commit files, but only certain people would
> have tag rights. CFEngine would then pull from CVS only files with a
> certain tag set[2].
>
> Some extra logic in the taginfo script might ensure the same person
> could not both commit and tag the file, though I have not looked at how
> hard this would be. Linking all this to an approval ticket system for
> SOX compliance would be even more fun...
If you've never worked with CVS taginfo scripts, an example (which
implements a simple logic check) is at
http://cfwiki.org/cfwiki/index.php/Using_Cfengine_with_CVS

Ultimately, though, no level of technology will solve the policy problem
of a malicious root user. At some level, you have to trust your
sysadmins.

--Joe

_______________________________________________
Help-cfengine mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-cfengine
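A taginfo hook that enforces the two-person rule discussed in the thread (only listed people may tag, and the tagger may not be the committer of the revision being tagged), as an added example that is neither from this thread nor from the cfwiki page. It assumes the CVS 1.11 taginfo argument convention (tag, operation, repository directory, then file/revision pairs), that RCS `rlog` is available on the server, and that the tagger's login is in `CVS_USER` or is the process owner; the allowed-tagger list and the log text are constructed.

```python
import getpass
import os
import re
import subprocess
import sys
# Constructed policy: the accounts holding tag rights (the "certain people").
ALLOWED_TAGGERS = {"alice", "bob"}
# Constructed rlog/cvs log output for one file, used by the offline check.
SAMPLE_LOG = """\
----------------------------
revision 1.3
date: 2006/03/01 12:00:00;  author: jason;  state: Exp;  lines: +1 -0
----------------------------
revision 1.2
date: 2006/02/20 09:30:00;  author: alice;  state: Exp;  lines: +2 -1
=============================================================================
"""
REV_RE = re.compile(r"^revision (?P<rev>[\d.]+)\n.*?author: (?P<author>[^;]+);",
                    re.M | re.S)

def author_of_revision(log_text, rev):
    """Committer of `rev` per rlog/cvs log output, or None if not present."""
    for m in REV_RE.finditer(log_text):
        if m.group("rev") == rev:
            return m.group("author").strip()
    return None

def tag_decision(tagger, committers, allowed=ALLOWED_TAGGERS):
    """Two-person rule: the tagger needs tag rights and must not be the
    committer of any revision being tagged. Returns (allowed, reason)."""
    if tagger not in allowed:
        return False, f"{tagger} has no tag rights"
    for path, author in committers.items():
        if author is None:
            return False, f"cannot determine who committed {path}"
        if author == tagger:
            return False, f"{tagger} committed {path}; a second person must tag it"
    return True, "ok"

if __name__ == "__main__":
    # Assumed CVS 1.11 taginfo arguments: tag, operation, repo dir, file rev ...
    tag, op, repo, *pairs = sys.argv[1:]
    tagger = os.environ.get("CVS_USER") or getpass.getuser()  # assumption
    committers = {}
    for path, rev in zip(pairs[::2], pairs[1::2]):
        log = subprocess.run(["rlog", f"-r{rev}", os.path.join(repo, path + ",v")],
                             capture_output=True, text=True).stdout
        committers[path] = author_of_revision(log, rev)
    ok, reason = tag_decision(tagger, committers)
    sys.exit(0 if ok else f"taginfo: {op} {tag}: {reason}")
```

A non-zero exit from the hook makes CVS refuse the tag, so an unreadable log or an unknown revision fails closed rather than open.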
