On Wednesday, January 16, 2013 4:30:28 AM UTC-6, Nacho Barrientos wrote:
>
> Hi,
>
> Maybe I'm missing something obvious because my question sounds very naive 
> to me. Anyway, here I go:
>
> Is it possible to prevent module developers from writing files in the 
> master via custom Puppet functions[0]? 
>
>
Mostly.  The master normally runs as an unprivileged user, so file and 
directory access controls apply to it.  If you run SELinux in enforcing 
mode then SELinux policy applies no matter what user the master runs as.  
There are a couple of places to which the master needs to write (its log, 
its cache, ...), but appropriate access controls will prevent it from 
writing elsewhere (its config file, module directories, unrelated system 
directories, etc.).


John
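One way to check the access controls described in the reply above, as an added example that is not part of the original message: the script evaluates classic POSIX mode bits for a given account and lists every path it could write to outside an allow-list. The account name `puppet` and the path `/etc/puppet` are assumptions, and ACLs, SELinux policy and read-only mounts are not evaluated.

```python
import os
import stat

def writable_by(st, uid, gids):
    """Classic POSIX mode-bit check: could (uid, gids) write to this inode?
    Ignores ACLs, SELinux and read-only mounts, which need a live check."""
    if uid == 0:
        return True  # root bypasses mode bits, hence the unprivileged master
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(roots, uid, gids, allowed):
    """Return paths under `roots` writable by the account but outside `allowed`."""
    allowed = [os.path.realpath(a) for a in allowed]
    findings = []
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(os.path.realpath(root)):
            for name in [""] + filenames:  # "" stands for the directory itself
                path = os.path.join(dirpath, name) if name else dirpath
                if any(path == a or path.startswith(a + os.sep) for a in allowed):
                    continue  # expected write location (log, cache, ...)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # vanished or unreadable entry
                if stat.S_ISLNK(st.st_mode):
                    continue  # symlink mode bits carry no meaning
                if writable_by(st, uid, gids):
                    findings.append(path)
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    acct = pwd.getpwnam("puppet")  # assumed service account name
    gids = set(os.getgrouplist(acct.pw_name, acct.pw_gid))
    # Assumed location of the master's config and modules; adjust to your layout.
    for p in audit(["/etc/puppet"], acct.pw_uid, gids, allowed=[]):
        print("unexpectedly writable:", p)
```

A writable directory is reported even when the files inside it are not, because write access to a directory allows creating and replacing entries in it.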

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/4UT6h8ICls8J.