Jerald Sheets writes: > Because standard systems administration practice is to rarely if ever > run anything at all as root. This practice, generally speaking, will > not pass ITIL, SOX, HIPAA, or PCI compliance auditing, and if > something like Puppet (which has complete run of your system) ran as > root, you could easily demolish not only one but thousands of > machines with a single keystroke... well, Root is just a bad idea, > then....
One gathers you're not really a practicing sysadmin. What you cite are a bunch of good reasons one should avoid running daemons and applications as root. But you can't create and manage the mechanisms that are used to avoid running things as root without root access. A sysadmin avoids doing things as root that aren't necessary, but is otherwise obligated to use root access (carefully) on a constant basis. Puppet runs as root because it should be used to do a lot of the things that have to to be done as root. Proper standards for security should say that root access should be carefully regulated and monitored, not that it must never be allowed for remote access. If used well Puppet should actually improve your security because it can enforce site-wide standards automatically and provide better auditing of changes than haphazard manual practices. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.