On Tue, 2010-12-21 at 11:35 +0000, Tom Brown wrote: > Hi > > We are getting func going in a rather large environment and are > looking into its security model. Are there any best practices out > there as right now once a user can run func from the master there does > not seem to be a way to limit what within func they can execute. I am > thinking of a couple of options around sudo and wrapping func commads > but i wonder how other people solve this? > right now func can read it's keys from anywhere the config file tells it to. And you can setup acls on the minions to allow only certain methods to run based on certain keys. With that in mind it would be great to setup per-user overlord keys. Then you constrict which methods which users can run using the minion acls. -sv _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
