On 4/30/12 2:35 AM, Vaze, Mandar wrote:
did the nova user /already/ have root access?
nova-rootwrap uses "sudo" to execute certain commands that require root access.
So yes, nova user already has root access via sudo. You can check /etc/sudoers
file.
It sounds like you are saying nova-rootwrap calls sudo. That's the
opposite of my understanding; my sudoers file has an entry that permits
running nova-rootwrap /as/ root. That makes me think that we're only
relying on sudo to the extent that it permits the running of rootwrap as
root, and after that we're depending entirely on rootwrap to limit
command access.
Am I missing something?
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
