[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security of CFINPUTS
From: |
Robert Shaw |
Subject: |
Re: Security of CFINPUTS |
Date: |
Tue, 15 May 2001 08:23:23 -0700 |
User-agent: |
Mutt/1.2.5i |
On Tue, May 15, 2001 at 10:35:58AM +0200, Mark Burgess wrote:
>
> I am planning to make a change in cfengine 2 whereby, if CFINPUTS
> is not set, cfengine will look for input files in /var/cfengine/inputs.
> (/var/run/cfengine is deprecated, since some OSes clear /var/run
> on reboot)
>
> Since cfengine checks the permissions and ownership of files before
> accepting (and will additionally authenticate them cryptographically in
> future), this seems like a reasonable feature, which could simplify
> setup.
>
> Does anyone have any arguments against this?
FYI, we use /etc/cfengine/inputs for our default. Isn't that what cfengine
uses by default anyway currently?
-Robert