On 2 August 2013 20:05, Thierry Carrez <thie...@openstack.org> wrote:
> It was a bit of a maintenance nightmare (the file was maintained in > every distribution rather than centrally in openstack). Another issue > was that we shipped the same sudoers for every combination of nodes, > allowing for example nova-api to run stuff as root it should never be > allowed to run. See [1] for the limitations of using sudo which > triggered another solution in the first place. There's still nothing other than handwaving suggesting that a domain specific solution is needed. setuid binaries *should* be rare, and sudo's goal : policy driven sudo access - is totally compatible with all our needs. So I propose we do the following: - switch back to sudo except for commands where we are not willing to accept the security implications - case by case basis. - discuss with sudo upstream how to encode the business rules we need in sudo [if a sudo gate is capable of doing them - not everything will be like that] I appreciate that 'a better solution is needed', but the one we came up with has nothing fundamentally better than sudo, other than 'written in python' and 'accepts custom plugins but we aren't using that yet' : I claim YAGNI. -Rob -- Robert Collins <rbtcoll...@hp.com> Distinguished Technologist HP Cloud Services _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev