[
https://issues.apache.org/jira/browse/KARAF-798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13073161#comment-13073161
]
Glen Mazza commented on KARAF-798:
----------------------------------
A concern I have is that some of the commands in the history file might have
sensitive data (e.g., "useradd bob password2"); being able to relocate it to a
more openly readable location might pose security risks. If there could be a
way, upon a setuid, to create a brand new history file in that user's home
directory (ignoring the one in the root home directory), that might be a better
solution.
> Support for relocating karaf.history file
> -----------------------------------------
>
> Key: KARAF-798
> URL: https://issues.apache.org/jira/browse/KARAF-798
> Project: Karaf
> Issue Type: New Feature
> Components: karaf-shell
> Reporter: Troy Waldrep
>
> We have a servicemix-based product that has to perform a setuid to a
> lower-privileged user while running on linux. We've accounted for most
> permissions-based issues that result from doing this by ensuring that the
> lower-privileged user has write access to the necessary files under the data
> directory.
> Unfortunately, we can't do this with karaf.history since it is written to the
> home directory of the user that started the stack (root in this case). The
> lower-privileged usually doesn't have *any* visibility into this directory,
> let alone write privileges. If a configuration option was provided to
> specify the location of the karaf.history file (or the option to not even
> write or expect to find one), then we could treat this file like any other.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
