On Apr 23, 7:24 am, Daniel Pittman <dan...@rimspace.net> wrote: > CraftyTech <hmmed...@gmail.com> writes: > > I'm new to puppet, and I'd like to know: Is there a formal best practices > > guide for syncing { /etc/passwd, shadow, group, hosts} across clients from > > the master? > > You will probably find the most common "best practice" answer to this is > "don't do it that way": the risks probably outweigh the cost, and using a > proper system like LDAP, NIS, or puppet user bits is probably less painful. > > > For instance; is it a better practice to make a hard link to these files and > > share the link, as opposed to just sharing the files directly via a target > > in fileserver.conf? > > I would, simply because you reduce the list of exposed files that way. > > Daniel > > By "would" I mean "would deploy LDAP, but if you insist", of course. > -- > ✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707 > ♽ made with 100 percent post-consumer electrons > Thanks for the quick reply. I should have been more specific in my question: We do use ldap/DNS in our environment; I wanted to use puppet for syncing the { /etc/passwd, shadow, group, hosts} for the purposes of service accounts only, and not users in general. Also the host file would be helpful in case there are hosts names that need to be hard coded. I suppose I can create a class that creates the users for the service accounts and propagate it that way... My thought process was that if I have a hand-full of service accounts that need to be present in all hosts, and certain hosts that need to be hard- coded in the hosts file, that I would just share the previously mentioned files via hard link on fileserver.conf. There appear to be some security holes with this approach, so I have to re-think my deployment strategy.. All suggestions are welcome :-))
-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.