Restrict dog permissions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sheepdog |
New
|
Undecided
|
Unassigned |
Bug Description
Tested on debian, sheepdog v 0.82.
Dog can be run by any user just typing the full path /usr/sbin/dog.
This isn't wrong, but a normal user is able to create and delete vdi.
I guess it's able even to format the cluster.
Dog should restrict dangerous operation only to root.
vdi check
vdi create
vdi snapshot
vdi clone
vdi delete
vdi rollback
vdi setattr
vdi getattr
vdi resize
vdi read
vdi write
vdi backup
vdi restore
vdi cache
node kill
node md
node log
cluster format
cluster shutdown
cluster snapshot
cluster recover
cluster reweight
cluster check
Others subcommands may be run as normal user.
This may be useful for monitoring the cluster without requiring super user privilege.
vdi list
vdi tree
vdi graph
vdi object
vdi track
node list
node info
node recovery
node stat
cluster info