[et-mgmt-tools] Re: cobbler aclsetup feature
Michael DeHaan
mdehaan at redhat.com
Fri Jun 6 21:53:15 UTC 2008
Peter Wright wrote:
> Robin Bowes wrote:
>> Michael DeHaan wrote:
>>
>>> So one of the requests I've gotten a lot is how can I run cobbler as
>>> non-root.
>>>
>>
>> Er, won't sudo take care of this?
>>
>>
> well cobbler will still run as root, won't it ;)
>
> a side effect of using sudo to run cobbler commands is that you get
> some sort of accounting of commands run for "free" in syslog which i
> think is kinda nice.
> Although - using ACLs is may be a more elegant solution since it
> should help lock down some sites where you want junior admins building
> systems, but don't trust them with sudo yet.
>
> just my two bits though...
>
> -p
>
>
>
>
Cheetah templates can essentially contain code, as can cobbler modules,
and triggers are pretty much straight up shell scripts.
This keeps them being run as you, rather than root.
There were some folks that were concerned about needing to run Cobbler
as root, and this is for them :)
I agree a properly configured sudoers that allows running of the cobbler
binary solves most of the needs, but it doesn't allow you access to edit
some of things you might want to edit by hand -- this does -- so IMHO
it's a bit cleaner. Some things to check in the future is coming up
with a nice way to make cobblerd not need root as well. Maybe that
makes sense, maybe it doesn't -- I need to figure it out :)
--Michael
More information about the et-mgmt-tools
mailing list