Greetings, So i've being doing some research on func, and well, it looks great. Certain a lot better than a lot of the wrappers around ssh i've had to code up every few years. But my worry is, it seems all commands are done root to root. What I meant by that, is that you need to need root on the func master, and all commands seem to be executed as root on each of the func aware nodes. There doesn't seem to be a way to restrict any usage of any part of func, once you are root on the func master. So my question is: Is there any way ( or thought, or work around, or future project ) to restrict usage of func modules per executing user? an internal acl of sorts? ( not setfacl -m u:MYUSER:rwx /var/lib/func, which is still basically, all or nothing access ) iow: yum_cmd can only be executed on hosts group "stage", by users on group "stage_access, some_other_module can only be executed on hosts group "prod", by users on group "prod_access" access to everything is only for users in group "wheel" I guess in a way, what am asking, is there a command line client that is separate from the func functions, by some sort of socket interface, instead of loading up root only readable libraries. Thanks, -Javier _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
