Restrict dog permissions

Bug #1335151 reported by sirio81
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sheepdog
Undecided
Unassigned

Bug Description

Tested on debian, sheepdog v 0.82.

Dog can be run by any user just typing the full path /usr/sbin/dog.
This isn't wrong, but a normal user is able to create and delete vdi.
I guess it's able even to format the cluster.

Dog should restrict dangerous operation only to root.

vdi check
vdi create
vdi snapshot
vdi clone
vdi delete
vdi rollback
vdi setattr
vdi getattr
vdi resize
vdi read
vdi write
vdi backup
vdi restore
vdi cache
node kill
node md
node log
cluster format
cluster shutdown
cluster snapshot
cluster recover
cluster reweight
cluster check

Others subcommands may be run as normal user.
This may be useful for monitoring the cluster without requiring super user privilege.

vdi list
vdi tree
vdi graph
vdi object
vdi track
node list
node info
node recovery
node stat
cluster info

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers