Hello all, I have submitted a new patch https://review.gerrithub.io/#/c/370835/ to allow only root users to access the dbus.In the current dbus configuration, there are some security issues. For example, even a non-root user can call shutdown on a ganesha process started by root. The easiest way to fix is to allow only root for now.
For 2.6, we can have a better solution. As I understood, the plan is to support non-root as well in future. May be we can have either a user group "ganesha" and we allow only these users to have access. The other solution would be to handle authorization in code. For example, using api dbus_bus_get_unix_user() [https://dbus.freedesktop.org/doc/api/html/group__DBusBus.html#ga24d782c710f3d82caf1b1ed582dcf474] I have just started looking into it. May be this solution is intrusive and hard to maintain. I will research a bit more. Please let me know your thoughts. Thanks, Supriti ------ Supriti Singh SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
