From cae332dcf8fe157ba4d3565d33cdebe7f39a14c3 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@brief.schottelius.org>
Date: Tue, 17 Jan 2012 23:41:01 +0100
Subject: [PATCH] document multi developers/different trust levels setup

Signed-off-by: Nico Schottelius <nico@brief.schottelius.org>
---
 doc/man/man7/cdist-best-practice.text | 17 ++++++++++++++---
 doc/man/man7/cdist-tutorial.text      |  2 +-
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/doc/man/man7/cdist-best-practice.text b/doc/man/man7/cdist-best-practice.text
index 6e5a476c..bbfd084a 100644
--- a/doc/man/man7/cdist-best-practice.text
+++ b/doc/man/man7/cdist-best-practice.text
@@ -138,9 +138,20 @@ The following **.git/config** is taken from a a real world scenario:
 Have a look at git-remote(1) to adjust the remote configuration, which allows
 
 
-MULTI DEVELOPERS/DIFFERENT TRUST RELATIONSHIP/CENTRAL SERVER APPROACH
----------------------------------------------------------------------
-FIXME before 2.0.5
+MULTIPLE DEVELOPERS WITH DIFFERENT TRUST
+----------------------------------------
+If you are working in an environment that requires different people to
+work on the same configuration, but having different privileges, you can
+implement this scenario with a gateway host and sudo:
+
+- Create a dedicated user (for instance **cdist**)
+- Setup the ssh-pubkey for this user that has the right to configure all hosts
+- Create a wrapper to update the cdist configuration in ~cdist/cdist
+- Allow every developer to execute this script via sudo as the user cdist
+- Allow run of cdist as user cdist on specific hosts on a per user/group base
+    - f.i. nico ALL=(ALL) NOPASSWD: /home/cdist/bin/cdist config hostabc
+
+For more details consult sudoers(5)
 
 SEE ALSO
 --------
diff --git a/doc/man/man7/cdist-tutorial.text b/doc/man/man7/cdist-tutorial.text
index 24846876..2bc703ce 100644
--- a/doc/man/man7/cdist-tutorial.text
+++ b/doc/man/man7/cdist-tutorial.text
@@ -65,7 +65,7 @@ SEE ALSO
 - cdist(1)
 - cdist-type(7)
 - cdist-best-practice(7)
-- cdist-stages(7)?
+- cdist-stages(7)
 - Brave New World by Aldous Huxley
 
 COPYING