[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cfeninge2: ACL Code bad / not understood by me / ???
From: |
Manon Goo |
Subject: |
Re: cfeninge2: ACL Code bad / not understood by me / ??? |
Date: |
Thu, 20 Feb 2003 20:25:39 +0100 |
Update to 2.0.5 did not cure the problem.
I want to limit the usage of remote execution on manfred.nichtsnutze.de
to it's self. therfore I added the following line:
/usr/sbin/cfagent manfred.nichtsnutze.de
to my cfserverd.conf. This line does not restrict the access I can run
"cfrun manfred" from any host may it be a problem that AllowConnectionsFrom
is set ?
Manon Goo
my cfserverd.conf
#########################################################
#
# This is a cfd config file
#
# The access control here follows after any tcpd
# control in /etc/hosts.allow and /etc/hosts.deny
#
#########################################################
#
# Could import cf.groups here and use a structure like
# in cfengine.conf, cf.main, cf.groups
#
groups:
ConfigServer = ( manfred )
control:
domain = ( nichtsnutze.de )
solaris::
cfrunCommand = ( "/iu/nexus/local/gnu/bin/cfengine" )
# linux::
debian::
cfrunCommand = ( "/usr/sbin/cfagent" )
# AutoExecInterval = ( 60 )
# AutoExecCommand = ( "/iu/nexus/local/gnu/lib/cfengine/bin/cfwrap
/iu/nexus/local/gnu/lib/cfengine/bin/cfhourly")
ConfigServer::
AllowConnectionsFrom = ( 195.49.152.0/22 )
!ConfigServer::
AllowConnectionsFrom = ( 195.49.152.135 )
any::
# ChecksumDatabase = ( /tmp/testDATABASEcache )
IfElapsed = ( 1 )
MaxConnections = ( 10 )
LogAllConnections = ( true )
AllowUsers = ( root )
DynamicAddresses = ( 195.49.153.0-255 )
#########################################################
admit: # or grant:
ConfigServer::
/iu/masterfiles *.nichtsnutze.de encrypt=true
/iu/secure *.nichtsnutze.de encrypt=true
/iu/hosts *.nichtsnutze.de
/iu lutz.nichtsnutze.de
debian::
/usr/sbin/cfagent manfred.nichtsnutze.de
pgprwm6CrBJQI.pgp
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: cfeninge2: ACL Code bad / not understood by me / ???,
Manon Goo <=