H?kan Olsson wrote: > Now, if only the copy keyword could copy *to* the server instead > of only from it then I wouldn't have had to use a common > NFS-(auto)mounted directory for the copy.
There are serious security implications to this. At the very least, you would need to prevent a client from modifying a file that might cause a configuration or state change in another client trusing the same cfengine server. cfservd would need a completely different security and authorization model. Moving from a read-only to a read-write service is always hard. > Possible alternatives would be for the cfagent script to contain some > other method of distribution. A web server on the central server and > having the cfagents do 'HTTP PUT' would likely work, for instance. scp > with restricted shell perhaps. I like ssh command key services. Best, Brendan -- Senior System Administrator The University of Chicago Department of Computer Science http://www.cs.uchicago.edu/people/brendan http://praksys.blogspot.com/ _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org http://cfengine.org/mailman/listinfo/help-cfengine
