Hi,

On Wed, Jan 16, 2013 at 10:05 PM, jcbollinger <john.bollin...@stjude.org> wrote:

> Mostly. The master normally runs as an unprivileged user, so file and
> directory access controls apply to it. If you run SELinux in enforcing
> mode then SELinux policy applies no matter what user the master runs as.
> There are a couple of places to which the master needs to write (its log,
> its cache, ...), but appropriate access controls will prevent it from
> writing elsewhere (its config file, module directories, unrelated system
> directories, etc.).

Thanks for replying. That's what we're kinda trying to do now, but it's not just a matter of limiting what the Puppet master can write, I'm afraid. It's also important what it can read. We're using the Hiera GPG backend, and the secret part of the key is stored in the masters and must be readable by the 'puppet' user so secrets can be decrypted at catalog compilation time. Everyone could use a custom function to read the key and put it in a place where it can be fetched afterwards.

Dunno, looks like my concern is going a bit beyond my original question. I'm probably implicitly asking now if there's any way to totally disable remote code execution.

About fine-grained ACLs on the writable directories, I can still think of some cases where users might end up doing malicious things, for instance erasing all the log files or even the facts cache living in /var/lib/puppet/yaml/facts.

Nacho

-- 
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
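The thread turns on a least-privilege question: the master's account should be able to write only its log and cache, read (but not modify) its config and modules, read the Hiera GPG secret key that nobody else should be able to read, and have no access at all to unrelated system files. The script below is an added example written for this reply, not code from the thread, Puppet or Hiera. It evaluates the classic owner/group/other mode bits for a given account against such a policy and reports where effective access exceeds it. The paths, uids and mode bits in the constructed tree are assumptions made up for the demo (for instance uid 52 for `puppet`); on a real master you would pass `os.lstat` and the real account's ids instead of the fake stat function.

```python
"""Audit the Puppet master account's effective filesystem access against a
least-privilege policy (example added for this discussion; not Puppet code).

Only classic mode bits (DAC) are evaluated: POSIX ACLs and SELinux labels are
not inspected, and root bypasses DAC entirely. The stat function is injected so
the policy can be checked offline against a constructed layout; on a real
master pass os.lstat.
"""
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result, enough for mode/ownership decisions.
StatLike = namedtuple("StatLike", "st_mode st_uid st_gid")


def access_for(st, uid, gid, extra_gids=()):
    """(readable, writable) for a principal, using POSIX class selection:
    owner bits if the uid matches, else group bits if any gid matches,
    else the 'other' bits."""
    m = st.st_mode
    if st.st_uid == uid:
        return bool(m & stat.S_IRUSR), bool(m & stat.S_IWUSR)
    if st.st_gid == gid or st.st_gid in extra_gids:
        return bool(m & stat.S_IRGRP), bool(m & stat.S_IWGRP)
    return bool(m & stat.S_IROTH), bool(m & stat.S_IWOTH)


def audit(policy, uid, gid, extra_gids=(), stat_fn=os.lstat):
    """Return [(path, problem)] for every policy path where the account's
    access differs from what the policy allows.

    Policy values: "rw" (log, cache), "r" (config, modules), "secret"
    (readable by the account, by nobody else), "none" (no access at all).
    """
    findings = []
    for path, allowed in sorted(policy.items()):
        try:
            st = stat_fn(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        readable, writable = access_for(st, uid, gid, extra_gids)
        if allowed == "none" and readable:
            findings.append((path, "readable"))
        if allowed in ("r", "none") and writable:
            findings.append((path, "writable"))
        if allowed in ("r", "rw", "secret") and not readable:
            findings.append((path, "unreadable"))  # the master could not function
        if allowed == "secret" and st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((path, "group-or-world-readable"))
    return findings


# Constructed ids and layout (assumptions for the demo, not a real host).
PUPPET_UID, PUPPET_GID = 52, 52
ROOT = 0
CONSTRUCTED_TREE = {
    "/var/log/puppet": StatLike(stat.S_IFDIR | 0o750, PUPPET_UID, PUPPET_GID),
    "/var/lib/puppet/yaml/facts": StatLike(stat.S_IFDIR | 0o750, PUPPET_UID, PUPPET_GID),
    "/etc/puppet/puppet.conf": StatLike(stat.S_IFREG | 0o644, ROOT, ROOT),
    # group-writable by puppet: a misconfiguration the audit should catch
    "/etc/puppet/modules": StatLike(stat.S_IFDIR | 0o775, ROOT, PUPPET_GID),
    # secret key is group-readable: another misconfiguration
    "/etc/puppet/keys/hiera.gpg": StatLike(stat.S_IFREG | 0o640, PUPPET_UID, PUPPET_GID),
    "/etc/shadow": StatLike(stat.S_IFREG | 0o640, ROOT, 42),  # gid 42: constructed 'shadow' group
}
POLICY = {
    "/var/log/puppet": "rw",
    "/var/lib/puppet/yaml/facts": "rw",
    "/etc/puppet/puppet.conf": "r",
    "/etc/puppet/modules": "r",
    "/etc/puppet/keys/hiera.gpg": "secret",
    "/etc/shadow": "none",
    "/etc/puppet/hiera.yaml": "r",  # absent from the constructed tree
}


def fake_lstat(path):
    """Stat function over the constructed tree, mimicking os.lstat's error."""
    try:
        return CONSTRUCTED_TREE[path]
    except KeyError:
        raise FileNotFoundError(path)


def run_demo():
    """Audit the constructed layout as the 'puppet' account."""
    return audit(POLICY, PUPPET_UID, PUPPET_GID, stat_fn=fake_lstat)


if __name__ == "__main__":
    for path, problem in run_demo():
        print(f"{problem:24} {path}")
```

Running it flags the group-writable module directory, the group-readable secret key and the missing hiera.yaml, and stays silent on /etc/shadow because the 'other' bits grant the puppet account nothing. The check is deliberately narrow: it says nothing about what a custom function running inside the master process can do with the key once it is readable, which is the part of the concern above that file permissions alone cannot close.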