Forum: Cfengine Help
Subject: Re: Cfengine Help: Re: Running cf-serverd as non-root
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21152,21165#msg-21165
Hi,
One can start cf-serverd as non-root with strict permissions on user's home
directory and .cfagent.
Forum: Cfengine Help
Subject: Re: Cfengine Help: Re: Running cf-serverd as non-root
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21152,21164#msg-21164
Hi,
Thanks for the response, I think this is an important discussion.
> Having said that, let's consid
On Tue, Mar 15, 2011 at 1:59 PM, Mike Hoskins wrote:
> Having said that, let's consider least privilege for a minute. If your
> cfengine hosts are locked down in accordance with best practices, they
> will not be hosting other services (and likely in a DMZ). If someone
> compromises cfservd, the
On 3/15/11 7:32 AM, no-re...@cfengine.com wrote:
> Forum: Cfengine Help
> Subject: Re: Cfengine Help: Re: Running cf-serverd as non-root
> Author: berntjernberg
> Link to topic: https://cfengine.com/forum/read.php?3,21152,21155#msg-21155
>
> Hi,
>
>> So it depends on y
Forum: Cfengine Help
Subject: Re: Cfengine Help: Re: Running cf-serverd as non-root
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21152,21157#msg-21157
Hi,
I have created a normal user that I run cf-serverd as. I make a copy of the
binaries to ~cfengine/.cfagent/bin
Forum: Cfengine Help
Subject: Re: Cfengine Help: Re: Running cf-serverd as non-root
Author: eystein
Link to topic: https://cfengine.com/forum/read.php?3,21152,21156#msg-21156
Perhaps I was a bit unclear, but there is nothing that limits you from running
any component as the user you wish
Forum: Cfengine Help
Subject: Re: Cfengine Help: Re: Running cf-serverd as non-root
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21152,21155#msg-21155
Hi,
> So it depends on your policy I guess, but you should expect to spend
> more time if you decide to
On Tue, 15 Mar 2011 14:25:55 +0100 Eystein Måløy Stenberg
wrote:
EMS> When running as non-root, note that cf-serverd uses ~/.cfagent as
EMS> its working directory. This means it does not share workdir with
EMS> the rest of the Cfengine components.
EMS> One thing you might want to consider in
Hi Ted,
When running as non-root, note that cf-serverd uses ~/.cfagent as its
working directory.
This means it does not share workdir with the rest of the Cfengine components.
One thing you might want to consider in particular is the lastseen report.
cf-serverd creates a dbm-database of incoming c
On Mon, 14 Mar 2011 19:16:48 +0100 (CET) neilhwatson wrote:
n> Are you proposing that the agent with root privilege should fetch
n> files from the server running as non-root? I'm having trouble
n> visualizing your architecture. I appreciate the effort run at least
n> privilege but, are there an
Forum: Cfengine Help
Subject: Re: Running cf-serverd as non-root
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21136,21151#msg-21151
Hi,
> Are you proposing that the agent with root privilege should fetch files from
> the server running as non-root?
Yes.
> I appre
Forum: Cfengine Help
Subject: Re: Running cf-serverd as non-root
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,21136,21141#msg-21141
Are you proposing that the agent with root privilege should fetch files from
the server running as non-root? I'm having trouble visualiz
Forum: Cfengine Help
Subject: Re: Running cf-serverd as non-root
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21136,21140#msg-21140
Hi,
> Who are you trying to secure from? Local or remote user?
Both.
> What are the end goals of your promises? Running non-root will
Forum: Cfengine Help
Subject: Re: Running cf-serverd as non-root
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,21136,21137#msg-21137
Who are you trying to secure from? Local or remote user?
What are the end goals of your promises? Running non-root will limit this
sev
14 matches