Judd Maltin wrote:
> This code:
>
>
> file { '/tmp/default':
> ensure => directory,
> mode => '666'
> }
>
> produces:
>
> r...@blah# ls -la /tmp/default/
> total 16
> drwxrwxrwx 2 root root 4096 2009-07-27 16:21 .
>
> That is a major security issue. I cannot recommend Puppet to my
> clients if I get different results on my filesystem than from my
> manifest.
>
> Is there a consistent culture or policy in the Puppet community to
> override explicit security configurations? It must be explicitly
> avoided in an audit, if that's the case. If there is no policy,
> perhaps we should define one?
>
> Thanks a lot!
> -judd
> >
>
Please explain to me how this is a security risk.
--
Joe McDonagh
Operations Engineer
www.colonfail.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
