All answers helped a lot.
Thanks,
George
On Tuesday, November 27, 2012 8:06:00 AM UTC-7, thbe wrote:
2012/11/27 Steven VanDevender ste...@uoregon.edu javascript:
[...]
One gathers you're not really a practicing sysadmin. What you cite are
a bunch of good reasons one should avoid running
2012/11/27 Steven VanDevender ste...@uoregon.edu
[...]
One gathers you're not really a practicing sysadmin. What you cite are
a bunch of good reasons one should avoid running daemons and
applications as root. But you can't create and manage the mechanisms
that are used to avoid running
I'm looking at Puppet as a configuration manager solution, and I was
wondering
Why is there a puppet user and group?
I realize the obvious answer is that Puppet won't run w/o it, but I don't
understand
why it just wasn't set up with root access.
thanks in advance,
george
--
You received
Because standard systems administration practice is to rarely if ever run
anything at all as root. This practice, generally speaking, will not pass
ITIL, SOX, HIPAA, or PCI compliance auditing, and if something like Puppet
(which has complete run of your system) ran as root, you could easily
Jerald Sheets writes:
Because standard systems administration practice is to rarely if ever
run anything at all as root. This practice, generally speaking, will
not pass ITIL, SOX, HIPAA, or PCI compliance auditing, and if
something like Puppet (which has complete run of your system) ran
Aaron Grewell writes:
To answer OP's question, the Puppet Master runs as user/group puppet. The
agent runs as root.
Which is, of course, entirely desirable. puppetmaster needs access only
to a limited set of files, which it needs only to serve to agents, and
hence is best run in a dedicated
In regard to: Re: [Puppet Users] New to Puppet -- why the puppet user,...:
Because standard systems administration practice is to rarely if ever
run anything at all as root.
When it doesn't require root, that's absolutely true. This relates to
the principle of least privilege.
However
