[BBLISA] Odd question about cfengine. Can this be done?

[John Stoffel]

>>>>> "Michael" == Michael Tiernan <michael.tiernan at gmail.com> writes:

Michael> ----- "Josh Smift" <irilyth at infersys.com> wrote:

>> I'm surprised that you apparently got so much negative reaction.

Michael> I think I might have given the impression that it was worse
Michael> than it really was. The responses all seemed to be nature of
Michael> what one might call the "before the event" versions of "What
Michael> the hell were you thinking?!?!"

Michael> I think everyone's words of caution were well placed and I
Michael> appreciated them.

Michael> The idea is as some suggest, along the nature of having one
Michael> group (system admins) managing everything from "here" down
Michael> and another group dealing with the "here up" section. Yes,
Michael> there'd be lots of checking needed. (Oh and... what's it
Michael> called.... communications? :)

Michael> My asking the question was a favor and the person asking was
Michael> looking for an axe to swing between two groups who were not
Michael> seeing things eye-to-eye.

Michael> Again, thanks to everyone for the answers and the warnings of
Michael> what'd happen if one made a misstep.

Maybe the solution is to have the Oracle DBAs run their cfengine
instance as the oracle user, so that they *can't* muck around with
generic system state, but can play around in their own sandbox as much
as they want.  

Give them the gun, bullets and extra feet to shoot all they want.  But
you have your own armour keeping them at a distance.  :]

John