gluster-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gluster-devel] Gluster storage user design is false


From: Ed W
Subject: Re: [Gluster-devel] Gluster storage user design is false
Date: Thu, 04 Mar 2010 10:56:39 +0000
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.8) Gecko/20100216 Lightning/1.0b1 Thunderbird/3.0.2

I'm not one of the developers, but this seems like an unnecessarily hostile response? Perhaps you didn't mean it to come across like it did?


On 03/03/2010 19:01, Kunthar wrote:
There is already gluster user on system
root password is disabled and locked
apache is sudoer

This is totally wrong
USers;

glusterrun : run internal scripts from server
glustergui: X and gui user, suexec user
root: disabled as usual
apache: does nothing

No software is perfect, suggestions for improvements are always welcome, but..

How does apache (ie the web gui) make any modifications to the configuration based on your proposal? You need the PHP cgi to be able to run the various configuration utilities? (I haven't examined the config, but sudo allows a reasonably limited elevation profile and you can lock it down to only allow certain executables to be run by the CGI user. Addition of some kind of MAC layer helps lock that down even further?

I imagine that your gluster console can also be assume to be non internet facing in general and so perhaps it's acceptable if the required level of security is lower than desired (at least for version 1 of the product?)

Small bugs;
1.
Volume creation: nfs or cifs should be disabled upon which one
checked. It has big disaster result.

I don't understand what you mean?  Can you rephrase?


Kind regards

Ed W




reply via email to

[Prev in Thread] Current Thread [Next in Thread]