Because standard systems administration practice is to rarely if ever run 
anything at all as root.  This practice, generally speaking, will not pass 
ITIL, SOX, HIPAA, or PCI compliance auditing, and if something like Puppet 
(which has complete run of your system) ran as root, you could easily demolish 
not only one but thousands of machines with a single keystroke... well, root 
is just a bad idea, then...


http://askubuntu.com/questions/16178/why-is-it-bad-to-run-as-root
http://cboard.cprogramming.com/tech-board/123049-why-running-programs-root-so-bad.html
http://unix.stackexchange.com/questions/52268/why-is-it-a-bad-idea-to-run-as-root

A good best practices document on system security and elevated permissions:

http://www.sans.org/reading_room/whitepapers/bestprac/system-administrator-security-practices_657

An access control article:

http://www.softpanorama.org/Access_control/Accounts/root_account.shtml

Another article on best practices (#1 addresses the root user):

http://brajeshwar.com/2008/5-best-practices-for-linux-users/



I could go on.  I just know that if the root user could log in remotely (or 
directly) to anything but the console on any of my corporate hosts, I'd fail 
audit on just about any government-compliance required site.



--jms


On Nov 26, 2012, at 5:17 PM, george <glwray1...@gmail.com> wrote:

> I'm looking at Puppet as a configuration manager solution, and I was 
> wondering....
> Why is there a puppet user and group?
> I realize the obvious answer is that Puppet won't run w/o it, but I don't 
> understand
> why it just wasn't set up with root access.
> 
> thanks in advance,
> george
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/puppet-users/-/WtXL0ugYO0YJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
