Am 18.11.2015 um 19:49 schrieb Adam Jackson:
On Tue, 2015-11-17 at 17:30 +0000, Andrew Haley wrote:On 11/02/2015 03:05 PM, Adam Jackson wrote:But, why take the risk exposure, when you could simply not?How else would I edit root-owned files? I don't get it. I mean, I guess I could run an editor in a text window, but I don't want to do that.That's kind of a non sequitur. To a first order, there are zero root- owned files you need to edit routinely. And I feel pretty comfortable calling any counterexamples bugs that need fixing
hopefully all configuration files on your system are root-owned and "routinely" is not black and white because it depens on your use-cases
as serveradmin you *routinely* edit root-owned files and *yes* i pull them from 35 machines to a dedicated admin server and open them all together in a GUI editor with tabs to make changes i want to have on all servers while the file itself is machine specific
why?because it's much faster than login to each and every machine when i can pull them with a script, edit them centralized and push them back followed by a "distribute-command 'systemctl condrestart affected-service'" and it saves a ton of overhead for configuration management tools with their own security issues all the time
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct