- *configuration management*: sync files, packages, services and run commands
on remote hosts
-The goal is that even unexperienced users (with safcm or configuration
+The goal is that even inexperienced users (with safcm or configuration
management in general) should be able to apply configuration with safcm
quickly. This means all key concepts of safcm must be easy to grasp and for
each task there should be one obvious way.
injection attacks; each host only receives its own configuration and no data
from other hosts
- *safety and security*: create files with "write to temporary file", "sync",
- "rename", "sync directory" for atomicity and durability; guard against
- symlink and other TOCTOU attacks; extensive test suite
+ "rename", "sync directory" for atomicity and durability; implemented in a
+ memory safe language and using a simple synchronization protocol to prevent
+ attacks on the local host; guard against symlink and other TOCTOU attacks;
+ extensive test suite
== Overview
passed to `/bin/sh`.
When files with the same path are present in multiple groups of a host, an
-explicit _group order_ must be configured to resolve the conflict. Conflicts
-do not apply to packages and services which are simply merged from all groups.
-Commands are appended so that the same command can be executed multiple times.
+explicit _group priority_ must be configured to resolve the conflict.
+Conflicts do not apply to packages and services which are simply merged from
+all groups. Commands are appended so that the same command can be executed
+multiple times.
To sync the configuration to a remote host, the local `safcm` binary connects
to it via `ssh`. It then copies a _remote helper_ binary to `/tmp` on the
- Commands are executed with `/bin/sh -c` on the remote host which might leak
sensitive information to other users via the command line (unless `/proc` is
- mounted with `hidepid=`). Store sensitive data in a file and execute or
- source it as a workaround.
+ mounted with `hidepid=` on GNU/Linux systems). Store sensitive data in a
+ file and execute or source it as a workaround.
- Permissions of existing files and directories will be overwritten with the
- default (root/root, 0644 for files, 0755 for directories) unless manually
- configured via `permissions.yaml`. This includes important paths like
- `/root` which often have strict permissions by default, so carefully check
- the diff output for unwanted changes.
+ default (root/root or root/wheel, 0644 for files, 0755 for directories)
+ unless manually configured via `permissions.yaml`. This includes important
+ paths like `/root` which often have strict permissions by default, so
+ carefully check the output for unwanted changes.
- The full file content of all files is sent to the remote during
synchronization. This makes it impractical to synchronize large files with
== Requirements
- to build the `safcm` binary and remote helper:
- * Go >= 1.16
+ * Go >= 1.16 (for `go:embed`, `io/fs`)
* GNU make
- local host:
Adding support for other operating systems (e.g. BSDs) or distributions
including package managers (e.g. Arch, Gentoo) is easy. Please send patches.
+At the moment the remote helper is built for the following operating systems
+($GOOS) and architectures ($GOARCH). To add more architectures simply edit
+`cmd/safcm-remote/build.sh`.
+
+ - freebsd: amd64
+ - linux: amd64, armv7
+ - openbsd: amd64
+
== Authors
ruderich.org/simon / safcm / safcm.git / blobdiff