mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
45e4d4fc3b
Detail: Previously the cloud user has full password-less sudo access. This commit changes that to only allow access to a specific list of commands. Been tested in production on ACS 4.0 and 4.2 mangement servers. BUG-ID: CLOUDSTACK-967 Bugfix-for: Reviewed-by: Reported-by: Signed-off-by: John Kinsella <jlk@stratosec.co> 1382560936 -0700
23 lines
950 B
Plaintext
23 lines
950 B
Plaintext
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# The CloudStack management server needs sudo permissions
|
|
# without a password.
|
|
|
|
@MSUSER@ ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount
|
|
|