[Puppet Users] /etc/passwd, shadow, group, hosts
Hello All,
I'm new to puppet, and I'd like to know: Is there a formal best
practices guide for syncing { /etc/passwd, shadow, group, hosts}
across clients from the master? For instance; is it a better practice
to make a hard link to these files and share the link, as opposed to
just sharing the files directly via a target in fileserver.conf?
Inquiring minds want to know...
Cheers,
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] /etc/passwd, shadow, group, hosts
On 4/23/2010 12:52 PM, CraftyTech wrote:
Hello All,
I'm new to puppet, and I'd like to know: Is there a formal best
practices guide for syncing { /etc/passwd, shadow, group, hosts}
across clients from the master? For instance; is it a better practice
to make a hard link to these files and share the link, as opposed to
just sharing the files directly via a target in fileserver.conf?
Inquiring minds want to know...
It is recommended to use the built-in host, user and group resources to
manage hosts, users and groups. That way you have fine-grained control
over the users without having to manage the complete files.
If you REALLY want to distribute the complete files, you must copy them
to your file serving area (as defined in fileserver.conf). This is for
two reaasons. 1) you don't want to create every user you need in your
cluster on the puppetmaster and 2) the puppetmaster runs with lowered
privileges and must not access the shadow file.
Best Regards, David
--
dasz.at OG Tel: +43 (0)664 2602670 Web: http://dasz.at
Klosterneuburg UID: ATU64260999
FB-Nr.: FN 309285 g FB-Gericht: LG Korneuburg
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] /etc/passwd, shadow, group, hosts
CraftyTech hmmed...@gmail.com writes:
I'm new to puppet, and I'd like to know: Is there a formal best practices
guide for syncing { /etc/passwd, shadow, group, hosts} across clients from
the master?
You will probably find the most common best practice answer to this is
don't do it that way: the risks probably outweigh the cost, and using a
proper system like LDAP, NIS, or puppet user bits is probably less painful.
For instance; is it a better practice to make a hard link to these files and
share the link, as opposed to just sharing the files directly via a target
in fileserver.conf?
I would, simply because you reduce the list of exposed files that way.
Daniel
By would I mean would deploy LDAP, but if you insist, of course.
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
