Revision bd028152 SECURITY
b/SECURITY | ||
---|---|---|
5 | 5 |
security model is all-or-nothing. |
6 | 6 |
|
7 | 7 |
All the Ganeti code runs as root, because all the operations that Ganeti |
8 |
is doing require privileges: creating logical volumes, md arrays,
|
|
8 |
is doing require privileges: creating logical volumes, drbd devices,
|
|
9 | 9 |
starting instances, etc. Running as root does not mean setuid, but that |
10 | 10 |
you need to be root to run the cluster commands. |
11 | 11 |
|
... | ... | |
39 | 39 |
Note that only the ssh key will allow other machines to run random |
40 | 40 |
commands on this node; the RPC method will run only: |
41 | 41 |
- well defined commands to create, remove, activate logical volumes, |
42 |
DRBD disks, md arrays, start/stop instances, etc;
|
|
42 |
drbd devices, start/stop instances, etc;
|
|
43 | 43 |
- run ssh commands on other nodes in the cluster, again well-defined |
44 | 44 |
- scripts under the /etc/ganeti/hooks directory |
45 | 45 |
|
Also available in: Unified diff