Ask Your Question

Only allow changes in a specific directory

asked 2013-05-30 07:09:00 -0600

tsheriffk gravatar image

Where I work, we have a separation of groups (app teams for each division, os team) and each work independently of eachother. And of course, each wants their own puppet master server for configuration management. Being an guy responsible for the OS, I obviously have issues with allowing the app teams to be able to have total control over the server if they are using their own puppet master, as who knows what they will change.. Until we can reconcile all groups and get a single master server, Is there a way that i could allow an app team to ... (more)

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2013-05-30 07:55:27 -0600

llowder gravatar image

There is not a good way to do this.

However, it may be possible to run two puppet agents, have one of them point to your centrally controlled puppet master. This one would run as root and have full control over the node.

The second agent would run as a NON root user and point to their puppet master. You would then use the filesystem's built in ACL to restrict write access to only /apps or wherever.

This is far from an ideal solution, and you will need to make sure the different agents are configured to use separate ... (more)

edit flag offensive delete link more


Thanks for the response! That was along the lines of what I was thinking... Its hard to do things using the DevOps mentality, when every division has their own IT ...(more)

tsheriffk gravatar imagetsheriffk ( 2013-05-30 11:17:11 -0600 )edit

Yes it is, especially when you have to pass audits :). The multiple module path approach is what came to my mind first. You could also allow folks to submit git ...(more)

Ancillas gravatar imageAncillas ( 2013-05-30 12:42:33 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2013-05-30 07:09:00 -0600

Seen: 33 times

Last updated: May 30 '13