| www.delorie.com/gnu/docs/cfengine/cfengine-Tutorial_70.html | search |
 Buy GNU books! | |
| www.delorie.com/gnu/docs/cfengine/cfengine-Tutorial_70.html | search |
|
Buy GNU books! | |
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
It is a good idea to execute cfagent by getting cron to
run it regularly. This ensures that cfagent will be run even if you are
unable to log onto a host to run it yourself. Sometimes however you
will want to run cfagent immediately in order to implement a change in
configuration as quickly as possible. It would then be inconvenient
to have to log onto every host in order to do this manually. A better
way would be to issue a simple command which contacted a remote host and
ran cfagent, printing the output on your own screen:
myhost% cfrun remote-host -v output.... |
A simple user interface is provided to accomplish this. cfrun
makes a connection to a remote cfservd-daemon
and executes cfagent on that system with the privileges of the
cfservd-daemon (usually root). This has a two advantages:
A potential disadvantage with such a system is that malicious users might be able to run cfagent on remote hosts. The fact that non-root users can execute cfagent is not a problem in itself, after all the most malicious thing they would be able to do would be to check the system configuration and repair any problems. No one can tell cfagent what to do using the cfrun program, it is only possible to run an existing configuration. But a more serious concern is that malicious users might try to run cfagent repeatedly (so-called `spamming') so that a system became burdened with running cfagent constantly, See section 6.2.3 Spamming and security.
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
| webmaster donations bookstore | delorie software privacy |
| Copyright © 2003 by The Free Software Foundation | Updated Jun 2003 |