[jira] [Updated] (GEODE-1909) A user with no privilege can start a server
[ https://issues.apache.org/jira/browse/GEODE-1909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jinmei Liao updated GEODE-1909: --- Description: 1) Start the locator with a security-manager: start locator --name=loc1 --security-properties-file=security.properties --classpath=/Users/jiliao/my_gemfire/security 2) connect to the locator using: guest/guest 3), try start a server as guest: start server --name=server1 --security-properties-file=serverSecurity.properties --locators=localhost[10334] The server will be started. We should allow only user with CLUSTER:MANAGE permission to start a server. was: 1) Start the locator with a security-manager: start locator --name=loc1 --security-properties-file=security.properties --classpath=/Users/jiliao/my_gemfire/security 2) connect to the locator using: guest/guest 3), try start a server as guest: start server --name=server1 --security-properties-file=serverSecurity.properties --locators=localhost[10334] The server will be started. We should allow only user with DATA:MANAGE permission to start a server. > A user with no privilege can start a server > --- > > Key: GEODE-1909 > URL: https://issues.apache.org/jira/browse/GEODE-1909 > Project: Geode > Issue Type: Bug >Reporter: Jinmei Liao >Assignee: Jinmei Liao > Labels: management > Attachments: security.json, security.properties, > serverSecurity.properties > > > 1) Start the locator with a security-manager: > start locator --name=loc1 --security-properties-file=security.properties > --classpath=/Users/jiliao/my_gemfire/security > 2) connect to the locator using: guest/guest > 3), try start a server as guest: > start server --name=server1 > --security-properties-file=serverSecurity.properties > --locators=localhost[10334] > The server will be started. > We should allow only user with CLUSTER:MANAGE permission to start a server. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (GEODE-1909) A user with no privilege can start a server
[ https://issues.apache.org/jira/browse/GEODE-1909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jinmei Liao updated GEODE-1909: --- Labels: management (was: ) > A user with no privilege can start a server > --- > > Key: GEODE-1909 > URL: https://issues.apache.org/jira/browse/GEODE-1909 > Project: Geode > Issue Type: Bug >Reporter: Jinmei Liao > Labels: management > Attachments: security.json, security.properties, > serverSecurity.properties > > > 1) Start the locator with a security-manager: > start locator --name=loc1 --security-properties-file=security.properties > --classpath=/Users/jiliao/my_gemfire/security > 2) connect to the locator using: guest/guest > 3), try start a server as guest: > start server --name=server1 > --security-properties-file=serverSecurity.properties > --locators=localhost[10334] > The server will be started. > We should allow only user with DATA:MANAGE permission to start a server. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (GEODE-1909) A user with no privilege can start a server
[ https://issues.apache.org/jira/browse/GEODE-1909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jinmei Liao updated GEODE-1909: --- Attachment: serverSecurity.properties security.properties security.json > A user with no privilege can start a server > --- > > Key: GEODE-1909 > URL: https://issues.apache.org/jira/browse/GEODE-1909 > Project: Geode > Issue Type: Bug >Reporter: Jinmei Liao > Attachments: security.json, security.properties, > serverSecurity.properties > > > 1) Start the locator with a security-manager: > start locator --name=loc1 --security-properties-file=security.properties > --classpath=/Users/jiliao/my_gemfire/security > 2) connect to the locator using: guest/guest > 3), try start a server as guest: > start server --name=server1 > --security-properties-file=serverSecurity.properties > --locators=localhost[10334] > The server will be started. > We should allow only user with DATA:MANAGE permission to start a server. -- This message was sent by Atlassian JIRA (v6.3.4#6332)