Forum: Cfengine Help
Subject: Re: Best practices advice - Cfengine + network file systems
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,21402,21406#msg-21406

While I agree with Neil, I'd further share that I usually make the permissions on underlying mountpoints 0:0/0555 so that no one has write permission when the FS is unmounted. I don't recall off the top of my head whether or not Cfengine gripes about not having write access, but it sticks in my head that it does. So, setting permissions like that when the mountpoint is created will prevent stuff from being written locally. I use 555, BTW, because some older commercial UNIXes will, under specific circumstances, have directory traversal problems related to the permissions of the underlying mountpoint. And I use 0:0 because AIX has that annoying system group instead of root. :)
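
An added example, not part of the post above: a small audit script that checks whether an unmounted mountpoint directory follows the 0:0/0555 convention described in the post. The function names and return codes are made up for this illustration; it assumes a POSIX shell and `ls -ldn`, and uses the `mountpoint` utility only when it is installed.

```shell
#!/bin/sh
# Added example: audit underlying mountpoint directories for the
# 0:0 / 0555 convention. Function names and return codes are hypothetical.

# Succeeds if any owner/group/other write bit is set on directory $1.
mode_has_write() {
    read -r mode links uid gid rest <<EOF
$(ls -ldn -- "$1")
EOF
    case $mode in
        ??w*|?????w*|????????w*) return 0 ;;   # e.g. drwxr-xr-x
        *) return 1 ;;                          # e.g. dr-xr-xr-x
    esac
}

# Succeeds if directory $1 is owned by uid 0 and gid 0 (numeric, so it
# does not depend on the group being named "root" or "system").
owner_is_root() {
    read -r mode links uid gid rest <<EOF
$(ls -ldn -- "$1")
EOF
    [ "$uid" = 0 ] && [ "$gid" = 0 ]
}

# Returns 0 ok, 1 writable, 2 wrong owner, 3 mounted, 4 not a directory.
check_underlying() {
    dir=$1
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 4; }
    # While a file system is mounted, the underlying directory is hidden,
    # so its permissions cannot be inspected.
    if command -v mountpoint >/dev/null 2>&1 && mountpoint -q "$dir"; then
        echo "$dir: mounted, underlying directory not visible"; return 3
    fi
    if mode_has_write "$dir"; then
        echo "$dir: writable while unmounted"; return 1
    fi
    if ! owner_is_root "$dir"; then
        echo "$dir: not owned by 0:0"; return 2
    fi
    echo "$dir: ok"
}

# Audit every directory named on the command line.
for d in "$@"; do check_underlying "$d" || :; done
```

Run it with the mountpoint paths as arguments while the file systems are unmounted, for example from a maintenance window or before the first mount on a new host.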