Hi,

This is a request for discussion. There is also a proposal for a cluster security model, but one which just came off my mind, so it might not be well thought out. At any rate, I think that we need to think about this.

Currently, heartbeat authorisation is an all or nothing affair. If one can log in to one of the cluster computers and run commands as root (or hacluster), then he/she can do anything to the cluster. Recently, I was in a position to set up a kind of management environment for non-root terminal users and basically ended up surrendering the whole cluster configuration and management (via sudo). I suppose that you all know what I'm talking about.

We need finer resolution access controls. I can see two obvious ways to get there:

Identification/Authentication:

1a) UNIX/OS
1b) extra authentication protocol and internal user base

Authorisation:

2a) UNIX security model (users, groups, permissions)
2b) ACL

The 1a/2a alternatives are simpler to implement and both look appropriate for heartbeat. In particular, 1b looks like a definite overkill. BTW, I suppose that mgmtd already does OS level authentication.

The authorisation is more interesting. On the one hand, I suppose that it would suffice to use the users/groups model as it is. On the other, permissions may need to be more elaborate. The simplest, yet still useful, way would be to implement only read, write, and execute rights. The first two would govern editing the CIB objects, whereas the execute bit might be used to allow starting/stopping resources and editing constraints.

The whole thing could be configured by allowing one or two extra attributes per CIB element, or they could be implemented "inline", along with the "id" attribute. Also, the authorisation attributes might be inherited from the parent in the CIB hierarchy.

It looks like the whole thing should not take too much effort to implement. I guess that one could also make a much more elaborate scheme to control access, but I wonder if that would really be necessary.

Your thoughts and comments, please.

Cheers,

Dejan

_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
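
The 2a option with inheritance from the parent element, sketched as an added example that is not part of the original message or of heartbeat's code. The `owner`, `group` and `mode` attributes, the sample CIB and the function names are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed CIB fragment. The owner/group/mode attributes are hypothetical:
# they illustrate the proposal and are not part of the heartbeat CIB schema.
SAMPLE_CIB = """
<cib owner="root" group="haclient" mode="750">
  <configuration>
    <resources>
      <primitive id="db_ip" class="ocf" type="IPaddr"/>
      <group id="web" owner="webadmin" group="webops" mode="770">
        <primitive id="apache" class="ocf" type="apache"/>
      </group>
    </resources>
    <constraints mode="740">
      <rsc_location id="loc1" rsc="web"/>
    </constraints>
  </configuration>
</cib>
"""
ROOT = ET.fromstring(SAMPLE_CIB)
RIGHTS = {"r": 4, "w": 2, "x": 1}
ACL_ATTRS = ("owner", "group", "mode")

def effective_acl(root, elem_id):
    """Resolve each attribute from the element or its nearest ancestor that sets it."""
    parent = {child: p for p in root.iter() for child in p}
    node = next((e for e in root.iter() if e.get("id") == elem_id), None)
    if node is None:
        raise KeyError(elem_id)
    acl = {}
    while node is not None:
        for name in ACL_ATTRS:
            if name not in acl and node.get(name) is not None:
                acl[name] = node.get(name)
        node = parent.get(node)
    return acl

def allowed(root, elem_id, user, groups, right):
    """UNIX-style check: the owner, group or other triplet is selected, then tested."""
    acl = effective_acl(root, elem_id)
    if any(name not in acl for name in ACL_ATTRS):
        return False  # fail closed when nothing was configured or inherited
    mode = int(acl["mode"], 8)
    shift = 6 if user == acl["owner"] else 3 if acl["group"] in groups else 0
    return bool((mode >> shift) & RIGHTS[right])

if __name__ == "__main__":
    for who, grps, target in [("alice", {"webops"}, "apache"), ("alice", {"webops"}, "db_ip")]:
        print(who, target, {r: allowed(ROOT, target, who, grps, r) for r in "rwx"})
```

In this sketch a member of `webops` can start or stop `apache` through the rights inherited from the `web` group element, but gets nothing on `db_ip`, which falls back to the rights set on the CIB root.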