2012/10/12 Michael Hanselmann <[email protected]>: > This is a first design for executing commands via RPC.
A small interdiff based on an offline discussion: --- a/doc/design-remote-commands.rst +++ b/doc/design-remote-commands.rst @@ -28,12 +28,9 @@ be taken: - No parameters may be passed - No absolute or relative path may be passed, only a filename -- Executable must reside in ``/etc/ganeti/remote-commands`` +- Executable must reside in ``/etc/ganeti/remote-commands``, which must + be owned by root:root and have mode 0755 or stricter - Must be regular files or symlinks - - Symlinks must point to a prefix within a whitelist fixed at build - time (similar to file-based storage) - - No hardlinks (``stat.nlink_t == 1``; stops accidential or deliberate - modifications through another path in the file system) - Must be executable by root:root There shall be no way to list available commands or to retrieve an Michael
