On 2019-12-10, Adam Thompson <athom...@athompso.net> wrote: > Is there a way to placate security(8) that I'm just not seeing? Or is > my goal fundamentally misguided for some reason I'm not seeing? The
Philipp is right, ************* in master.passwd's crypted password field. > user in this case is semi-trusted (e.g. yes, we'll let you login using > an unprivileged account to run bgpctl in pipelines) but not > organizationally-trusted (i.e. but that's ALL we want you to do on this > system). Just be aware that some bgpctl operations are powerful. Even with the restricted socket, full table dumps can use a lot of cpu.
