cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8339) Allow non-root credentials for adding KVM hypervisor
Date Mon, 25 May 2015 09:06:17 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14558055#comment-14558055
] 

ASF GitHub Bot commented on CLOUDSTACK-8339:
--------------------------------------------

Github user remibergsma commented on the pull request:

    https://github.com/apache/cloudstack/pull/288#issuecomment-105173698
  
    I'm focussing on getting this sorted out so we can merge.
    
    @mlsorensen I like the idea of not changing anything in case the username is 'root'. 
    
    Did some reading on 'require tty' security implications and I'm quite sure it doesn't
matter much in our case. We could as well just document it then.
    
    To wrap it up:
    - Let's make sure sudo is NOT prepended when the username equals 'root'. This way we ensure
the current behaviour is unchanged and does not require sudo
    - Since we require a sudo config anyway, let's document it properly. The minimal version
I tested (assuming a non-privileged user cloudstack, can be any user):
    
    ```
    cloudstack ALL=NOPASSWD: /usr/bin/cloudstack-setup-agent
    defaults:cloudstack !requiretty
    ```
    
    This removes the 'requiretty' only for the cloudstack user so it does not change anything
for existing sudo configs. Once we agree, I'll take care of documenting it.
    
    @bhaisaab Could you implement sudo only if non-root user please? This would then be the
only improvement before we can merge this PR. Let me know if I can help other than testing
it again.
    
    Do we all agree this is a great step we can take now?
    
    Apart from this we can discuss other improvements. I just don't want that to stop this
small improvement with great value.


> Allow non-root credentials for adding KVM hypervisor
> ----------------------------------------------------
>
>                 Key: CLOUDSTACK-8339
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8339
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: KVM
>    Affects Versions: 4.5.0
>            Reporter: Marcus Sorensen
>            Assignee: Marcus Sorensen
>             Fix For: 4.6.0
>
>
> Users prefer to not provide root ssh just to run the hypervisor add from the UI. Testing
a fix.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message