some ideas

[Ronan KERYELL]

>>>>> On Fri, 10 May 2002 13:14:18 +0200, Henning Glawe <glaweh at physik.fu-berlin.de> said:

    Henning> why use just another structure ? FAI is pretty much enough
    Henning> for keeping all the config files. just use the follwing
    Henning> structure: 1) put _all_ your config files into a CVS
    Henning> repository, use this for installing the systems. fai copies
    Henning> the checked out version of the repository to /var/lib/config
    Henning> after installation for 'remebering' the 'status' of an
    Henning> installed system.

I wonder wether CVS is subtle enough about access rights when you get a
local copy of a file, because if the directory is not locked enough some
users may spy some passwd files (/etc/shadow, /etc/ppp/chap-secrets,...).

It looks like RCS used locally keeps the previous access rights of a file
(such as 0600,...).

By the way, how to converge toward a more secured FAI installation, without
/etc/shadow sniffing or FAI_ROOTPW sniffing in fai.conf, etc ?
-- 
    Ronan KERYELL              |\/
    Labo Informatique Télécom  |/)  Tel:    (+33|0) 2.29.00.14.15
    ENST Bretagne, BP832       K    Fax:    (+33|0) 2.29.00.12.82
    29285 PLOUZANE CEDEX       |\   E-mail: Ronan.Keryell at enst-bretagne.fr
    FRANCE                     | \  http://www-info.enst-bretagne.fr/~keryell