cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilya musayev <ilya.mailing.li...@gmail.com>
Subject Re: sudo chmod - bad practice
Date Wed, 11 Mar 2015 23:10:44 GMT
I dont see where MS requires the use of chmod directly based on the 
quick look against ASF grep search, if someone finds it - please let me 
know.

https://git-wip-us.apache.org/repos/asf?p=cloudstack.git&a=search&h=a10a9d522c56f707a9674f1486f58697e8c5206a&st=grep&s=chmod



On 3/11/15 4:06 PM, ilya musayev wrote:
> Is there any way we can avoid having chmod in /etc/sudoers file?
>
> This line in sudoers file makes me very uncomfortable
>
> https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a
>
> 723 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l723>

>
> 724 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l724>

> class sudoersConfig(serviceCfgBase):
> 725 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l725>

>     def __init__(self, syscfg):
> 726 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l726>

>         super(sudoersConfig, self).__init__(syscfg)
> 727 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l727>

>         self.serviceName = "sudoers"
> 728 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l728>

>     def config(self):
> 729 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l729>

>         try:
> 730 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l730>

>             cfo = configFileOps("/etc/sudoers", self)
> 731 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l731>

>             cfo.addEntry("cloud ALL ", "NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
/bin/umount")
> 732 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l732>

>             cfo.rmEntry("Defaults", "requiretty", " ")
> 733 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l733>

>             cfo.save()
> 734 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l734>

>             return True
> 735 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l735>

>         except:
> 736 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l736>

>             raise
> 737 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l737>

>
> 738 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l738>

>     def restore(self):
> 739 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l739>

>         return True
> 740 
> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l740>

>
>
>
> Can this be avoided?
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message