Re: some questions

[AJ Christensen <aj@junglist.gen.nz>]

This is a major problem, and something we've discussed although no  
concrete decisions going forward have been made.

I'm interested in potential solutions for this, but walking recipes  
(server) included on a node for include_recipe and only caching those  
ones seems like a pretty good solution.

On 17/04/2009, at 11:48 PM, Miguel Cabeça wrote:

> Hi,
>
>
> > Chef client will cache all cookbooks available from the Chef server  
> > each time.
>
> Does anyone else see a problem with this?This means any node managed  
> by a chef server will have access to recipes, files and templates  
> meant for any other node. If one node is compromised, the atacker  
> will have access to sensitive data for that node and for any other  
> node just by looking at the Chef client cache.
>
> I know that the chef server is dumb and all the smarts are on the  
> chef client by design, but perhaps a smart move would be to give  
> some recipe processing brains to Chef server. At least to let it  
> make decisions about what coockbooks to provide to each client based  
> on "include_recipe" directives.
>
> For now, I'll have to leave my multi-user machines outside of chef  
> management because of that.
>
> I know that this may not be a big problem for the typical use of   
> Chef that I'm aware of (Web app server farms), for for my usage  
> scenario (Computer center of a major University in Portugal, with  
> servers, multi-user clusters and personal workstations) it is.
>
> What are your thoughts on that?
>
> Best Regards
>
> Miguel Cabeça