[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Editfiles convergence bug
From: |
Jamie Wilkinson |
Subject: |
RE: Editfiles convergence bug |
Date: |
Wed, 19 Feb 2003 10:12:14 +1100 |
User-agent: |
Internet Messaging Program (IMP) 3.1 |
Quoting "David J. Bianco" <bianco@jlab.org>:
> On Tue, 2003-02-18 at 11:28, Andrews, Martin wrote:
> > Special support for password entries seems wrong - though a relaxing of
> the
> > ReplaceAll might be in order.
>
> Just out of curiousity, in what way does it seem wrong? I don't really
> see how it's different than having, say, a defaultroute: action to
> manage the system routing table. In fact, I'd say that it's more apt
> to be used. System accounts need managing, too, so I think an account:
> action or something like it would be a valuable addition.
Agreed. I was thinking about this on the way to work this morning, it would be
very hadny to ensure certain system users and groups existed.
I was thinking of "user:" but I guess that could then confuse the usage of
"group:".. so "account:" soudns good.
account:
webserver::
user apache
type=system
home=/var/www/html
cvsserver::
group dev
type=user
and so on.
I imaging the "type" option to tell cfengine how to create an uid -- some OSes
such as Debian and Red Hat have guidelines as to which uid ranges are reserved
for locally created system users and for human users -- letting cfengine know
what sort is being created would allow it to create the user along with those
guidelines.
For example, on a Debian machine, cfengine might call "adduser" or "adduser
--system" depending on that flag, whereas on Red Hat it might call "useradd -r"
for a system user.
Does that sound sane? I think it'll be useful in my deployment of cfengine.
Jamie
RE: Editfiles convergence bug, Craig Nelson, 2003/02/19