leefine02 authored and leefine02 committed Apr 22, 2024
2 parents 031dd96 + 0a7b3d3 commit 7fd491d
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions README.md
Expand Up @@ -184,16 +184,16 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo
}

<details>
<summary><b>UseSudo</b> (Applicable for Linux orchestrated servers only)</summary>
<summary><b>UseSudo</b> (Applicable for Linux hosted certificate stores only)</summary>

* Determines whether to prefix certain Linux command with "sudo". This can be very helpful in ensuring that the user id running commands over an ssh connection uses "least permissions necessary" to process each task. Setting this value to "Y" will prefix all Linux commands with "sudo" with the expectation that the command being executed on the orchestrated Linux server will look in the sudoers file to determine whether the logged in ID has elevated permissions for that specific command. Setting this value to "N" will result in "sudo" not being added to Linux commands. For Windows orchestrated servers, this setting has no effect.
* Determines whether to prefix certain Linux command with "sudo". This can be very helpful in ensuring that the user id running commands over an ssh connection uses "least permissions necessary" to process each task. Setting this value to "Y" will prefix all Linux commands with "sudo" with the expectation that the command being executed on the orchestrated Linux server will look in the sudoers file to determine whether the logged in ID has elevated permissions for that specific command. Setting this value to "N" will result in "sudo" not being added to Linux commands.
* Allowed values - Y/N
* Default value - N

</details>

<details>
<summary><b>DefaultSudoImpersonatedUser</b> (Applicable for Linux orchestrated servers only)</summary>
<summary><b>DefaultSudoImpersonatedUser</b> (Applicable for Linux hosted certificate stores only)</summary>

* Used in conjunction with UseSudo="Y", this optional setting can be used to set an alternate user id you wish to impersonate with sudo. If this option does not exist or is set to an empty string, the default user of "root" will be used. Any user id used here must have permissions to SCP/SFTP files to/from each certificate store location OR the SeparateUploadFilePath (see later in this section) as well as permissions to execute the commands listed in the "Prerequisites and Security Considerations" section above. This value will be used for all certificate stores managed by this orchestrator extension implementation UNLESS overriden by the SudoImpersonatedUser certificate store type custom field setting described later in the Certificate Store Types section.
* Allowed values - Any valid user id that the destination Linux server will recognize
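Review bot: The added UseSudo description line still carries the grammar slip "prefix certain Linux command with "sudo"" (should be "commands"), and the DefaultSudoImpersonatedUser context line has "overriden" (should be "overridden"); since this commit is already rewording both entries, fix those in the same change. Dropping the sentence "For Windows orchestrated servers, this setting has no effect." is reasonable now that the summary scopes the setting to Linux hosted certificate stores, but keep the sudoers sentence as is, because it is the only place this section tells the reader that the SSH user is expected to run with least permissions and rely on a sudoers entry per command.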
Expand All @@ -211,7 +211,7 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo
</details>

<details>
<summary><b>UseNegotiateAuth</b> (Applicable for Windows orchestrated servers only)</summary>
<summary><b>UseNegotiateAuth</b> (Applicable for Windows hosted certificate stores only)</summary>

* Determines if WinRM should use Negotiate (Y) when connecting to the remote server.
* Allowed values - Y/N
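Review bot: The UseNegotiateAuth description only explains the "Y" value ("Determines if WinRM should use Negotiate (Y) when connecting to the remote server."); since the allowed values are Y/N, state what authentication WinRM uses when the setting is "N" so the reader can compare the two options, and add the missing closing parenthesis convention check, as "(Y)" reads like a stray annotation.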
Expand All @@ -220,7 +220,7 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo
</details>

<details>
<summary><b>SeparateUploadFilePath</b>(Applicable for Linux managed servers only)</summary>
<summary><b>SeparateUploadFilePath</b>(Applicable for Linux hosted certificate stores only)</summary>

* Set this to the path you wish to use as the location on the orchestrated server to upload/download and later remove temporary work files when processing jobs. If set to "" or not provided, the location of the certificate store itself will be used. File transfer is performed using the SCP or SFTP protocols (see the File TransferProtocol setting).
* Allowed values - Any valid, existing Linux path configured to allow SCP/SFTP file upload/download tranfers.
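Review bot: The added summary line for SeparateUploadFilePath is still missing the space between `</b>` and `(Applicable`, so it renders as "SeparateUploadFilePath(Applicable ..."; the sibling entries all have the space. Two small fixes on the context lines while you are here: "File TransferProtocol" in the description should be "FileTransferProtocol" to match the setting name it refers to, and "tranfers" should be "transfers".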
Expand All @@ -229,7 +229,7 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo
</details>

<details>
<summary><b>FileTransferProtocol</b> (Applicable for Linux orchestrated servers only)</summary>
<summary><b>FileTransferProtocol</b> (Applicable for Linux hosted certificate stores only)</summary>

* Determines the protocol to use when uploading/downloading files while processing a job.
* Allowed values - SCP, SFTP or Both. If "Both" is entered, SCP will be attempted first, and if that does not work, SFTP will be tried.
Expand All @@ -238,7 +238,7 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo
</details>

<details>
<summary><b>DefaultLinuxPermissionsOnStoreCreation</b> (Applicable for Linux managed servers only)
<summary><b>DefaultLinuxPermissionsOnStoreCreation</b> (Applicable for Linux hosted certificate stores only)</summary>

* The Linux file permissions that will be set on a new certificate store created via a Management Create job or a Management Add job where CreateStoreOnAddIsMissing is set to "Y". This value will be used for all certificate stores managed by this orchestrator instance unless overridden by the optional "Linux File Permissions on Store Creation" custom parameter setting on a specific certificate store (See the "Certificatee Store Types Supported" section later in this README).
* Allowed values - Any 3 digit value from 000-777.
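Review bot: Good that the added summary line restores the missing `</summary>` closing tag on the DefaultLinuxPermissionsOnStoreCreation entry; the old line would have left the `<details>` block malformed in rendered Markdown. The context lines still have "Certificatee" (should be "Certificate"), and "Any 3 digit value from 000-777" would be clearer as "three octal digits (000-777)", since each digit is an octal permission digit and readers may otherwise expect a decimal range.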
Expand All @@ -248,6 +248,7 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is lo

<details>
<summary><b>DefaultOwnerOnStoreCreation</b> (Applicable for Linux managed servers only)</summary>

* When a Management job is run to remotely create the physical certificate store on a remote server, by default the file owner and group will be set to the user name associated with the Keyfactor certificate store. Setting DefaultOwnerOnStoreCreation to an alternative valid Linux user name will set that as the owner/group instead. If the group and owner need to be different values, use a ":" as a delimitter between the owner and group values, such as ownerId:groupId. Please make sure that the user associated with the certificate store will have valid permissions to chown the certificate store file to this alernative owner. The optional "Linux File Owner on Store Creation" custom parameter setting for a specific certificate store (See the "Certificatee Store Types Supported" section later in this README) can override this value for a specific store.
* Allowed values - Any valid user id that the destination Linux server will recognize
* Default Value - blank (the ID associated with the Keyfactor certificate store will be used).
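Review bot: The DefaultOwnerOnStoreCreation summary still reads "(Applicable for Linux managed servers only)" while every other entry in this commit was changed to "(Applicable for Linux hosted certificate stores only)"; update it for consistency. The description line also has "delimitter" (should be "delimiter"), "alernative" (should be "alternative") and "Certificatee" (should be "Certificate"). Since the text already warns that the certificate store user must be able to chown the file to the alternative owner, it would help to point back to the UseSudo and DefaultSudoImpersonatedUser settings in this section, which are where this README describes how elevated commands are expected to be run.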
0 comments on commit 7fd491d