[openstack-dev] [tripleo] removing sudoers.d rules from disk-image-builder
Clint Byrum
clint at fewbar.com
Tue Jul 23 16:39:35 UTC 2013
Excerpts from Robert Collins's message of 2013-07-23 02:52:11 -0700:
> We have a bunch of sudo rules in disk-image-builder. They are there
> primarily so we could have passwordless sudo on jenkins boxes, but
> working with the infra team now, it looks like we'd run on
> devstack-gate nodes, not on jenkins directly, so they aren't needed
> for that.
>
> They don't add appreciable security for end users as they are
> trivially bypassed with link attacks.
>
> And for distributors they are not something you want to install from a package.
>
> The only thing the *do* do is permit long running builds to run
> unattended by users with out reprompting for sudo; but this isn't an
> issue for most users, as we download the bulk of data before hitting
> the first sudo call.
>
> So I'd like to change things to say:
> - either run sudo disk-image-create or
> - setup passwordless sudo or
> - don't run unattended.
>
> and delete the sudoers.d rules as being a distraction, one we no longer need.
>
> Opinions?
Keeping it simple seems more useful in keeping diskimage-builder users
secure than specifying everything. Perhaps a user who wants to chase
higher security will do so using SELinux or AppArmor. +1 for the plan.
More information about the OpenStack-dev
mailing list