Re: Func Security/ACL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Tue, 9 Feb 2010, Javier Frias wrote:
Javier -

There currently isn't that level of granularity to func's permissions.

Coming up with an interface that uses the func api and applies greater
privilege separation to the modules shouldn't be too difficult.

Building a notion of authorization into Func itself will take more work.

---Brett


That what I feared...  and since setuid <insert scripting language> is
a bad idea, I would need to come up with another way to expose each of
the modules and still have auth/group access control.

Thanks for the quick reply,


the minion-acls can set which methods of which modules a host/certificate is allowed to run. But that's on each minion and could mean you would be able to have a set of certs run various modules/methods.

look at how the minion-acls work.

-sv

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list

[Index of Archives]     [Fedora Users]     [Linux Networking]     [Fedora Legacy List]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux