On Tue, 9 Feb 2010, Javier Frias wrote:
Javier -
There currently isn't that level of granularity to func's permissions.
Coming up with an interface that uses the func api and applies greater
privilege separation to the modules shouldn't be too difficult.
Building a notion of authorization into Func itself will take more work.
---Brett
That what I feared... and since setuid <insert scripting language> is
a bad idea, I would need to come up with another way to expose each of
the modules and still have auth/group access control.
Thanks for the quick reply,
the minion-acls can set which methods of which modules a host/certificate
is allowed to run. But that's on each minion and could mean you
would be able to have a set of certs run various modules/methods.
look at how the minion-acls work.
-sv
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
