From: Jason H. <jh...@ap...> - 2012-03-27 13:27:43
On Mar 26, 2012, at 10:08 PM, Phillip Smith wrote:

> That would be perfect IMHO... If I had any skills in Ruby I would have a crack at doing this myself. Technically it's not pushing, just provoking the client to initiate a pull on demand, but it achieves the same result; changes are propagated promptly.
>
> I imagine it would introduce a small security implication since the daemon would have to be run as root to be able to spawn etch as root, but legitimate connections would come from a known source so could be firewalled easily.

The daemon would need to run as root (or have NOPASSWD sudo to run etch), but if that's all it could do, didn't accept any specific commands or options from the network, etc., then the only security implications would be denial of service if someone pinged it continuously. At worst you'd just have the resource consumption of etch running continuously on your systems if someone triggered it constantly. But using some sort of shared secret like Pat suggested probably is a good idea to reduce the chance of that.
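
The design discussed in this message, sketched as an added example (not code from the thread's participants or from the etch project): a trigger check that accepts nothing from the network except a timestamp and a shared-secret MAC, and caps how often etch can be started. The `TriggerGate` class, the `timestamp:hmac` packet format, and the interval values are assumptions made for illustration.

```ruby
require 'openssl'

# Hypothetical trigger gate: the packet carries only a timestamp and a MAC,
# so nothing received from the network can influence how etch is invoked.
class TriggerGate
  def initialize(secret, min_interval: 60, max_skew: 30)
    @secret = secret
    @min_interval = min_interval # seconds between etch runs (caps DoS cost)
    @max_skew = max_skew         # accepted clock difference (limits replay)
    @last_run = nil
  end

  # Build a trigger packet (what the sending side would transmit).
  def self.packet(secret, now = Time.now.to_i)
    "#{now}:#{OpenSSL::HMAC.hexdigest('SHA256', secret, now.to_s)}"
  end

  # Returns :run only for a well-formed, authentic, fresh, unthrottled trigger.
  def check(packet, now = Time.now.to_i)
    m = /\A(\d{1,12}):([0-9a-f]{64})\z/.match(packet)
    return :malformed unless m
    expected = OpenSSL::HMAC.hexdigest('SHA256', @secret, m[1])
    return :bad_mac unless constant_time_eq?(expected, m[2])
    return :stale if (now - m[1].to_i).abs > @max_skew
    # A replay inside the skew window lands here because min_interval > max_skew.
    return :throttled if @last_run && now - @last_run < @min_interval
    @last_run = now
    :run
  end

  private

  # Compare MACs without an early exit that would leak the mismatch position.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-demo-secret' # constructed sample value
  gate = TriggerGate.new(secret)
  pkt = TriggerGate.packet(secret)
  # A real daemon would start etch with fixed arguments only when this is :run.
  puts gate.check(pkt)               # first valid trigger
  puts gate.check(pkt)               # immediate repeat
  puts gate.check("1:#{'0' * 64}")   # forged packet
end
```
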