Forum: Cfengine Help
Subject: Re: Cfengine Help: Re: Running cf-serverd as non-root
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21152,21157#msg-21157

Hi,

I have created a normal user that I run cf-serverd as. I make a copy of the 
binaries to ~cfengine/.cfagent/bin and /opt/cfengine/bin and libs to 
/opt/cfenfine/lib. I update LD_LIBRARY_PATH to include /opt/cfenfine/lib. I 
don't like the idea of a process in the table looking like:

/home/cfengine/.cfagent/bin/cf-serverd

so I use:

/opt/cfengine/bin/cf-serverd.

I run cf-execd and cf-agent as root to be able to change stuff. 

If someone manages to hack the cf-serverd, one theoretically might update the 
masterfiles, which will update all nodes, potentially with malicious 
code/scripts/packages.

I have tried the group solution, but cf-agent always chowns it back to root:root.
