[Gluster-devel] Gluster storage user design is false
Ed W
lists at wildgooses.com
Thu Mar 4 10:56:39 UTC 2010
I'm not one of the developers, but this seems like an unnecessarily
hostile response? Perhaps you didn't mean it to come across like it did?
On 03/03/2010 19:01, Kunthar wrote:
> There is already gluster user on system
> root password is disabled and locked
> apache is sudoer
>
> This is totally wrong
> USers;
>
> glusterrun : run internal scripts from server
> glustergui: X and gui user, suexec user
> root: disabled as usual
> apache: does nothing
>
No software is perfect, suggestions for improvements are always welcome,
but..
How does apache (ie the web gui) make any modifications to the
configuration based on your proposal? You need the PHP cgi to be able
to run the various configuration utilities? (I haven't examined the
config, but sudo allows a reasonably limited elevation profile and you
can lock it down to only allow certain executables to be run by the CGI
user. Addition of some kind of MAC layer helps lock that down even further?
I imagine that your gluster console can also be assume to be non
internet facing in general and so perhaps it's acceptable if the
required level of security is lower than desired (at least for version 1
of the product?)
> Small bugs;
> 1.
> Volume creation: nfs or cifs should be disabled upon which one
> checked. It has big disaster result.
>
I don't understand what you mean? Can you rephrase?
Kind regards
Ed W
More information about the Gluster-devel
mailing list