Escalated privileges should be minimised
Bug #2036811 reported by
Peter Matulis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Snap |
New
|
Undecided
|
Unassigned |
Bug Description
My understanding is that passwordless sudo for all commands on a machine is necessary for adding that machine to the cluster. This means that one user account on all machines in the cluster can run any command on the system without the need to enter a password. Since adding a machine is a rare occurrence, and since most would also be added in a short span of time (e.g. adding 3 nodes during initial deploy) it would behoove us to remove these privileges when they are no longer required.
To post a comment you must log in.