On Apr 23, 7:24 am, Daniel Pittman <dan...@rimspace.net> wrote:
> CraftyTech <hmmed...@gmail.com> writes:
> > I'm new to puppet, and I'd like to know: Is there a formal best practices
> > guide for syncing { /etc/passwd, shadow, group, hosts} across clients from
> > the master?
>
> You will probably find the most common "best practice" answer to this is
> "don't do it that way": the risks probably outweigh the cost, and using a
> proper system like LDAP, NIS, or puppet user bits is probably less painful.
>
> > For instance; is it a better practice to make a hard link to these files and
> > share the link, as opposed to just sharing the files directly via a target
> > in fileserver.conf?
>
> I would, simply because you reduce the list of exposed files that way.
>
>         Daniel
>
> By "would" I mean "would deploy LDAP, but if you insist", of course.
> --
> ✣ Daniel Pittman            ✉ dan...@rimspace.net            ☎ +61 401 155 707
>                ♽ made with 100 percent post-consumer electrons
>
Thanks for the quick reply.  I should have been more specific in my
question: We do use LDAP/DNS in our environment; I wanted to use
puppet for syncing the { /etc/passwd, shadow, group, hosts} for the
purposes of service accounts only, and not users in general.  Also the
hosts file would be helpful in case there are host names that need to
be hard-coded.  I suppose I can create a class that creates the users
for the service accounts and propagate it that way...  My thought
process was that if I have a handful of service accounts that need
to be present on all hosts, and certain hosts that need to be
hard-coded in the hosts file, that I would just share the previously
mentioned files via hard link in fileserver.conf.  There appear to be
some security holes with this approach, so I have to re-think my
deployment strategy. All suggestions are welcome :-))
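
The per-entry alternative raised in this thread ("puppet user bits", or a class that creates the service accounts), sketched as an added example that is not part of the original messages. The class names, account name, uid/gid, IP address and host name are all constructed for illustration. Puppet manages only the named entries, so no copy of /etc/shadow has to be exposed through fileserver.conf.

```puppet
# Added example: hypothetical class, account and host names; constructed values.
class service_accounts {
  # Fixed gid keeps file ownership consistent across every client.
  group { 'svcbackup':
    ensure => present,
    gid    => 950,
  }

  # Only this one passwd/shadow entry is managed; accounts that come from
  # LDAP or were created locally are left untouched.
  user { 'svcbackup':
    ensure     => present,
    uid        => 950,
    gid        => 'svcbackup',
    comment    => 'Backup service account',
    home       => '/var/lib/svcbackup',
    managehome => true,
    shell      => '/sbin/nologin',  # path varies by distribution
    password   => '!',              # locked: no password hash is distributed
    require    => Group['svcbackup'],
  }
}

class static_hosts {
  # One /etc/hosts line per resource; the rest of the file is not replaced.
  host { 'db01.example.com':
    ensure       => present,
    ip           => '192.0.2.10',
    host_aliases => ['db01'],
  }
}

node default {
  include service_accounts
  include static_hosts
}
```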

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.