Forum: Cfengine Help
Subject: Re: Running cf-serverd as non-root
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21136,21140#msg-21140

Hi,

> Who are you trying to secure from? Local or remote user?

Both.

> What are the end goals of your promises? Running non-root will limit this
> severely. No package management, no reading or writing to files that the
> service user does not already have access to. This will make many promises
> impossible to keep.

cf-execd and cf-agent will run as root so everything will work as expected, 
package management, reading and writing etc. cf-serverd will only run on the 
central policy hosts and export /opt/cfengine_repository. All input-files, 
os-specific files and packages will be fetched from that directory. The user 
running cf-serverd will have read only access to /opt/cfengine_repository.
