Forum: CFEngine Help Subject: Re: Security Tools and Root Access Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,23093,23115#msg-23115
If Cfengine or similar is maintaining both the sudoers file and the target scripts that will be sudoed then I think you can reasonable trust them provided they have gone through enough testing. Another option is to use ssh keys with embedded commands. You can embed a command in a public ssh key. When a user logs into the target host using the matching private key the command in the public key is executed and then the session logs out. Another option might be to use cf-runagent to set a class that executes one or more bundles. I've not looked at this closely from a security perspective. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
