[Gllug] Production system - Linux 2.4.24, LVM and cciss
Rickey Costas
rickey at lefteris.co.uk
Mon Jan 12 18:13:28 UTC 2004
Martin A. Brooks wrote:
> At 17:37 12/01/2004 +0000, you wrote:
>
>> A tiny bit of perl programming, but less than learning a new language,
>> if you already know perl :-)
>>
>> Not knowing the problem as well as you, obviously, I could be badly
>> wrong.
>
>
> Under your system, I'd need to log into anything from 4 to 32 individual
> machines to add/remove/change a key, also there would be no way for me
> to enforce the policy, our users must have root access to their servers.
Um, yes, but it'd be done automatically. I'd scp the files to the
machines using a script. I'd scp sudoers.conf to the machines too if
necessary.
> Under my system using cfengine, I edit a single text file. Changes made
> by users to arbitrary files, accidentally or otherwise, are
> automatically backed out.
My script could use a simple single text config file too.
I'd use permissions to protect what needed protecting. If worried about
them bypassing permissions, I'd mount stuff read only. Or use tripwire,
or alternative.
I believe we are just talking different ways of skinning a cat. I'm
thinking hands and knife, you are thinking clever cat skinning machine. No ?
Anyway, I'm off to play football. Maybe I'll have a look at config
management after that.
Cheers,
Rickey.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list