The problem is that root on the CFE master server could bypass all of
that. I'm confident that there are very straightforward ways to stop
non-CFE-master-root users from wreaking havoc, but then there is the
'root' problem.
I'm thinking that a two-server system under different administrative
domains such that the servers have to agree on the rules and repository
before changes are applied sounds about right.
-Jason Martin
-----Original Message-----
From:
help-cfengine-bounces+jason.h.martin=cingular.com@gnu.org
[mailto:help-cfengine-bounces+jason.h.martin=cingular.com@gnu.
org] On Behalf Of Jeremy Mates
Sent: Thursday, October 13, 2005 10:58 AM
To: help-cfengine@gnu.org
Subject: change control via CVS tags
* Martin, Jason H <jason.h.martin@cingular.com>
Along the same lines, has anyone implemented a system such
that there
is no one person capable of pushing out changes? I'm
talking about a
system analogous to the nuclear missile keys that require 2
people to
agree to launch.
One approach would be to store all the configuration under
CVS, then use a taginfo script to restrict who can apply tags
to a file[1]. This way, anyone with CVS rights could commit
files, but only certain people would have tag rights.
CFEngine would then pull from CVS only files with a certain
tag set[2].
Some extra logic in the taginfo script might ensure the same
person could not both commit and tag the file, though I have
not looked at how hard this would be. Linking all this to an
approval ticket system for SOX compliance would be even more fun...
[1] CVSPermissions is close, but uses the directory
permissions for tag
rights as well: http://sarovar.org/projects/cvspermissions
[2] stage-from-cvs is one method: http://sial.org/howto/cvs-tips/#s4
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-> cfengine
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine