On 19.11.2015 at 01:00, Reindl Harald wrote:
> On 19.11.2015 at 00:57, Ian Malone wrote:
>> On 18 November 2015 at 23:38, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>>> On 18.11.2015 at 19:49, Adam Jackson wrote:
>>>> That's kind of a non sequitur. To a first order, there are zero
>>>> root-owned files you need to edit routinely. And I feel pretty
>>>> comfortable calling any counterexamples bugs that need fixing
>>>
>>> hopefully all configuration files on your system are root-owned and
>>> "routinely" is not black and white because it depends on your use-cases
>>>
>>> as serveradmin you *routinely* edit root-owned files and *yes* i pull
>>> them from 35 machines to a dedicated admin server and open them all
>>> together in a GUI editor with tabs to make changes i want to have on
>>> all servers while the file itself is machine specific
>>>
>>> why? because it's much faster than login to each and every machine
>>> when i can pull them with a script, edit them centralized and push
>>> them back followed by a "distribute-command 'systemctl condrestart
>>> affected-service'" and it saves a ton of overhead for configuration
>>> management tools with their own security issues all the time
>>
>> Technically if doing this then the editing only needs to be done as
>> the owner of the copies and it's the process of copying them back that
>> requires root permission on the target machine
>
> technically i prefer using my "rsync.sh" for any file operations just to
> be sure all permissions, extended attributes and so on are correct,
> /etc/passwd and /etc/groups have the same IDs everywhere

that said - i see no valid reason to have sensible configurations of the whole infrastructure readable by non-root on any machine and on the same machine etckeeper is running on the folders with the centralized configs

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct