[Puppet Users] /etc/passwd, shadow, group, hosts
Hello All, I'm new to puppet, and I'd like to know: Is there a formal best practices guide for syncing { /etc/passwd, shadow, group, hosts} across clients from the master? For instance; is it a better practice to make a hard link to these files and share the link, as opposed to just sharing the files directly via a target in fileserver.conf? Inquiring minds want to know... Cheers, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] /etc/passwd, shadow, group, hosts
On 4/23/2010 12:52 PM, CraftyTech wrote: Hello All, I'm new to puppet, and I'd like to know: Is there a formal best practices guide for syncing { /etc/passwd, shadow, group, hosts} across clients from the master? For instance; is it a better practice to make a hard link to these files and share the link, as opposed to just sharing the files directly via a target in fileserver.conf? Inquiring minds want to know... It is recommended to use the built-in host, user and group resources to manage hosts, users and groups. That way you have fine-grained control over the users without having to manage the complete files. If you REALLY want to distribute the complete files, you must copy them to your file serving area (as defined in fileserver.conf). This is for two reaasons. 1) you don't want to create every user you need in your cluster on the puppetmaster and 2) the puppetmaster runs with lowered privileges and must not access the shadow file. Best Regards, David -- dasz.at OG Tel: +43 (0)664 2602670 Web: http://dasz.at Klosterneuburg UID: ATU64260999 FB-Nr.: FN 309285 g FB-Gericht: LG Korneuburg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] /etc/passwd, shadow, group, hosts
CraftyTech hmmed...@gmail.com writes: I'm new to puppet, and I'd like to know: Is there a formal best practices guide for syncing { /etc/passwd, shadow, group, hosts} across clients from the master? You will probably find the most common best practice answer to this is don't do it that way: the risks probably outweigh the cost, and using a proper system like LDAP, NIS, or puppet user bits is probably less painful. For instance; is it a better practice to make a hard link to these files and share the link, as opposed to just sharing the files directly via a target in fileserver.conf? I would, simply because you reduce the list of exposed files that way. Daniel By would I mean would deploy LDAP, but if you insist, of course. -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.