It is sometimes convenient to be able to restrict the access of a
program to a handful of users. This can be done by adding an access
list to the control:
section of your program. For example,
control: ... access = ( mark root )
would cause cfengine to refuse to run the program for any other users except mark and root. Such a restriction would be useful, for instance, if you intended to make set-user-id scripts but only wished certain users to be able to run them. If the access list is absent, all users can execute the program.
Note: if you are running cfengine via the cfrun
program
then cfengine is always started with the same user identity as
the cfd process on the remote host.
Normally this is the root user identity. This means that
the access keyword will have no effect on the use of
the command cfrun
.
Go to the first, previous, next, last section, table of contents.