- From: Anthony Goddard <
>
- To: "
" <
>
- Subject: [chef] Re: Re: Client privileges
- Date: Tue, 28 Jun 2011 17:36:59 -0400 (EDT)
Awesome, yep that's what I was looking for. Other than the concept of
different users managing different nodes or roles, what is a use case for the
hosted platform ACLs? Preventing a host from running a query for example?
This was obviously a big concern pre encrypted databags, but that seems to be
solved now.
A node being able to overwrite a cookbook is probably a concern, given they
could throw a cookbook in place of one in a base role and then that would be
it. Of course, having everything centrally managed by Chef server probably
means that you're going to have good insight into user accounts and nice
logging anyway, so this in some ways makes things more secure.
On Jun 28, 2011, at 14:26, Noah Kantrowitz
<
>
wrote:
>
Assuming you mean the FOSS server (Hosted Chef has its own ACL system, so
>
it can be locked down to within an inch of its life), a non-admin client
>
can read all data from the server, perform searches (read: possible CPU
>
DoS), and write to a node with the same name as the client (read: possible
>
storage DoS). Hope that helps.
>
>
--Noah
>
>
On Jun 28, 2011, at 10:52 AM, Anthony Goddard wrote:
>
>
> Hi All,
>
> I'm poking around at the different privileges for admin / non admin users
>
> / clients, mostly with a view to considering what happens if root
>
> privileges are gained by a malicious user on a machine that's managed by
>
> chef. I know the user can do a lot of queries using the client.pem but
>
> can't write changes, though I'm not sure of the specifics.
>
>
>
> I'm wondering if there's any more info around (haven't been able to find
>
> it on the wiki) regarding exactly what the differences are between admin
>
> users and regular users, what privileges a client has etc..
>
>
>
>
>
> Cheers,
>
> Ant
>
>
>
>
>
Archive powered by MHonArc 2.6.16.