[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Option to write %pre, %post in /root/anaconda-ks.cfg



Greetings,

Good topic.  The more I investigate, the more I find
that /root/anaconda-ks.cfg has rarely reflected the *exact* installation
performed (in the automated case).

Stepping back a bit ... what is the intent of /root/anaconda-ks.cfg?

 1. A "recommended" method to kickstart the recently performed manual
installation?
 2. A complete "record" of how the system was installed?

Do folks out there rely on /root/anaconda-ks.cfg much?  If so, for what?

Thanks,
James


On Mon, 2007-10-22 at 16:42 +0200, Alexander Todorov wrote:
> Hello list,
> I've just found that resulting anaconda-ks.cfg does not include the 
> %pre, %post, %traceback scripts from the ks.cfg used for installation.
> I've talked to several people and here is the result.
> 
> Why this is missing:
> 1) If the initial ks.cfg contains some sensitive information it should 
> not get written to disc.
> 
> - IMO if such info is used it's already present somewhere on disc.
> - An attacker may sniff the network traffic and discover that info if 
> needed.
> - /root is accessible to root user
> 
> Hence there is not much argument of a security point of view to skip the 
> %post in anaconda-ks.cfg
> 
> Why it should be there:
> 1) To be able to reproduce the same install over and over again. In some 
> cases %post may be tweaking settings or custom configuration.
> 
> 2) To keep the configuration used during installation in cases where 
> ks.cfg is generated dynamically/not available after some period, etc.
> 
> 3) To have things where one expects to be: anaconda-ks.cfg
> 
> How it should appear in anaconda:
> 
> - The most reasonable solution is to probably have another option 
> --write-ks-scripts which will enable this functionality.
> Scripts can be written directly to resulting anaconda-ks.cfg or in 
> separate files e.g. anaconda-ks.pre, anaconda-ks.post, etc.
> 
> Any comments and concerns are welcome.
> 
> Greetings,
> Alexander.
> 
> _______________________________________________
> Anaconda-devel-list mailing list
> Anaconda-devel-list redhat com
> https://www.redhat.com/mailman/listinfo/anaconda-devel-list
-- 
==========================================
 James Laska         -- jlaska redhat com
 Quality Engineering -- Red Hat, Inc.
==========================================


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]