I'm not one of the developers, but this seems like an unnecessarily
hostile response? Perhaps you didn't mean it to come across like it did?
On 03/03/2010 19:01, Kunthar wrote:
There is already gluster user on system
root password is disabled and locked
apache is sudoer
This is totally wrong
USers;
glusterrun : run internal scripts from server
glustergui: X and gui user, suexec user
root: disabled as usual
apache: does nothing
No software is perfect, suggestions for improvements are always welcome,
but..
How does apache (ie the web gui) make any modifications to the
configuration based on your proposal? You need the PHP cgi to be able
to run the various configuration utilities? (I haven't examined the
config, but sudo allows a reasonably limited elevation profile and you
can lock it down to only allow certain executables to be run by the CGI
user. Addition of some kind of MAC layer helps lock that down even further?
I imagine that your gluster console can also be assume to be non
internet facing in general and so perhaps it's acceptable if the
required level of security is lower than desired (at least for version 1
of the product?)
Small bugs;
1.
Volume creation: nfs or cifs should be disabled upon which one
checked. It has big disaster result.
I don't understand what you mean? Can you rephrase?
Kind regards
Ed W
