[chef] Re: Re: Client privileges

[Anthony Goddard < >]

Awesome, yep that's what I was looking for. Other than the concept of 
different users managing different nodes or roles, what is a use case for the 
hosted platform ACLs? Preventing a host from running a query for example? 
This was obviously a big concern pre encrypted databags, but that seems to be 
solved now.

A node being able to overwrite a cookbook is probably a concern, given they 
could throw a cookbook in place of one in a base role and then that would be 
it. Of course, having everything centrally managed by Chef server probably 
means that you're going to have good insight into user accounts and nice 
logging anyway, so this in some ways makes things more secure.

On Jun 28, 2011, at 14:26, Noah Kantrowitz 
<
 >
 wrote:

> Assuming you mean the FOSS server (Hosted Chef has its own ACL system, so 
> it can be locked down to within an inch of its life), a non-admin client 
> can read all data from the server, perform searches (read: possible CPU 
> DoS), and write to a node with the same name as the client (read: possible 
> storage DoS). Hope that helps.
> 
> --Noah
> 
> On Jun 28, 2011, at 10:52 AM, Anthony Goddard wrote:
> 
>> Hi All,
>> I'm poking around at the different privileges for admin / non admin users 
>> / clients, mostly with a view to considering what happens if root 
>> privileges are gained by a malicious user on a machine that's managed by 
>> chef. I know the user can do a lot of queries using the client.pem but 
>> can't write changes, though I'm not sure of the specifics.
>> 
>> I'm wondering if there's any more info around (haven't been able to find 
>> it on the wiki) regarding exactly what the differences are between admin 
>> users and regular users, what privileges a client has etc..
>> 
>> 
>> Cheers,
>> Ant
>> 
>> 
>