If I'm not mistaken, the VmwareManagerImpl.java and HypervManagerImpl.java code would run on mgmt server and looks like it is duing sudo chmod. In the 'new Script(true ...' the true means to run sudo. Both of those look like they give cloud (and everyone, actually) permission to access a mountpoint in preparation for working on the secondary storage. The injectkeys.sh also is called via the configuration subsystem in the mgmt server to add the cloud keys into the systemvm.iso.
Many of the others look like they're required for a development environment (where most devs also run a mgmt server), but not necessarily required for operation of the mgmt server. On Wed, Mar 11, 2015 at 4:10 PM, ilya musayev <ilya.mailing.li...@gmail.com> wrote: > I dont see where MS requires the use of chmod directly based on the quick > look against ASF grep search, if someone finds it - please let me know. > > https://git-wip-us.apache.org/repos/asf?p=cloudstack.git&a=search&h=a10a9d522c56f707a9674f1486f58697e8c5206a&st=grep&s=chmod > > > > > On 3/11/15 4:06 PM, ilya musayev wrote: >> >> Is there any way we can avoid having chmod in /etc/sudoers file? >> >> This line in sudoers file makes me very uncomfortable >> >> >> https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a >> >> 723 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l723> >> 724 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l724> >> class sudoersConfig(serviceCfgBase): >> 725 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l725> >> def __init__(self, syscfg): >> 726 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l726> >> super(sudoersConfig, self).__init__(syscfg) >> 727 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l727> >> self.serviceName = "sudoers" >> 728 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l728> >> def config(self): >> 729 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l729> >> try: >> 730 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l730> >> cfo = configFileOps("/etc/sudoers", self) >> 731 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l731> >> cfo.addEntry("cloud ALL ", "NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, >> /bin/mount, /bin/umount") >> 732 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l732> >> cfo.rmEntry("Defaults", "requiretty", " ") >> 733 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l733> >> cfo.save() >> 734 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l734> >> return True >> 735 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l735> >> except: >> 736 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l736> >> raise >> 737 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l737> >> 738 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l738> >> def restore(self): >> 739 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l739> >> return True >> 740 >> <https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l740> >> >> >> Can this be avoided? >> >
