what (ignition script or shell script )should be used for changing permission and content of /etc/passwd file

[Parag Gupta]

i am hardening coreOS ami . As per cis i am changing permission of some files . i am also changing text of some files .

After all these changes , i will be creating a final ami .

so should i do this with ignition script on boot time or should we do this using shell script after boot .

what is best way to do this and why ?

[Andrew Jeddeloh]

See https://github.com/coreos/bugs/issues/2618 for a recent discussion
on this and some of the pitfalls.

Ignition also runs only once, on first boot. If you boot, run
Ignition, then create an AMI from the result, Ignition won't run on
first boot of the new AMI. If you're looking to just apply a common
set of operations across a lot of machines, you can use Ignition's
config appending and append a config does the common operations to all
of your other configs and just use the normal AMIs.

- Andrew

> --
> You received this message because you are subscribed to the Google Groups "CoreOS Dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to coreos-dev+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/coreos-dev/9d97169b-88e6-4c43-9955-b5d139649276%40googlegroups.com.