[openstack-dev] [tripleo] removing sudoers.d rules from disk-image-builder

Chris Jones cmsj at tenshu.net
Thu Jul 25 08:41:37 UTC 2013


On 24 July 2013 22:18, Derek Higgins <derekh at redhat.com> wrote:
>      - setup passwordless sudo or
> Doesn't sound like a super awesome option to me, it places an ugly
> security problem on anyone wanting to set this up anywhere, imo.

I don't think its any worse then the security implications of running
di-b as root.

Assuming I interpreted this option correctly, we're talking about giving
some user blanket passwordless sudo, which seems like the kind of
requirement that no sane sysadmin is going to be interested in granting
without some seriously onerous precautions to protect against abuse/exploit.

What's the advantage here over simply fixing di-b to work when invoked with


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130725/d101530c/attachment.html>

More information about the OpenStack-dev mailing list