On Thu, Feb 25, 2010 at 04:50:51PM +0000, Justin Sherrill wrote: > backend/satellite_tools/spacewalk-remove-channel | 4 ++++ > 1 file changed, 4 insertions(+) > > New commits: > commit 168f2ee415201678ec505844a4f98a18cd3ec007 > Author: Justin Sherrill <[email protected]> > Date: Thu Feb 25 11:50:44 2010 -0500 > > requiring root for spacewalk-remove-channel > > diff --git a/backend/satellite_tools/spacewalk-remove-channel > b/backend/satellite_tools/spacewalk-remove-channel > index b000ada..5cbf367 100755 > --- a/backend/satellite_tools/spacewalk-remove-channel > +++ b/backend/satellite_tools/spacewalk-remove-channel > @@ -53,6 +53,10 @@ options_table = [ > > def main(): > > + if os.getuid() != 0: > + sys.stderr.write('ERROR: must be root to execute\n') > + sys.exit(8)
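Review bot: the guard added at the top of main() compares os.getuid(), the real UID, against 0, while file and directory permissions are decided by the effective UID; if the intent is "can this process do the work", os.geteuid() is the value to test. The exit status 8 is a bare literal with no comment saying what it means to callers, and the hunk does not show os and sys being imported, so please confirm both are in scope before main() runs.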
I wonder: instead of adding more checks for the os.getuid() being zero for the command line tools to work, couldn't we move towards actually being able to run those scripts by non-root users?

Basically, if the user is able to read /etc/rhn/rhn.conf, they get the default_db connect string, and if they have the connect string, they can do any damage they like. If the config file cannot be read, we can fail when we actually fail to read it. Or we can fail when, after trying to parse the config files, default_db is still not defined or not usable.

And yes, spacewalk-remove-channel will also need to be able to remove files from /var/satellite, but again -- maybe we should be checking the ability to write there, instead of just hardcoding the root requirement.

-- 
Jan Pazdziora
Principal Software Engineer, Satellite Engineering, Red Hat

_______________________________________________
Spacewalk-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-devel
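The capability checks proposed in the reply above, sketched as an added example that is not Spacewalk code and not from either poster. The function names are hypothetical, the "key = value" parsing is a simplified assumption about the config file, and os.access() is only advisory, so the later open or unlink must still handle errors.

```python
import os
import tempfile


def read_default_db(conf_path):
    """Return default_db from a 'key = value' file, or None if unset."""
    # open() raises OSError when the file is unreadable: the failure comes
    # from the read itself, not from a UID comparison.
    with open(conf_path) as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("#") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "default_db" and value:
                return value
    return None


def can_modify_dir(path):
    """True if the effective user may create and delete entries in path."""
    kwargs = {}
    if os.access in os.supports_effective_ids:
        kwargs["effective_ids"] = True  # default is the real UID/GID
    return os.path.isdir(path) and os.access(path, os.W_OK | os.X_OK, **kwargs)


def preflight(conf_path, storage_dir):
    """Return the reasons the tool cannot run; an empty list means proceed."""
    problems = []
    try:
        if read_default_db(conf_path) is None:
            problems.append("default_db is not defined in %s" % conf_path)
    except OSError as exc:
        problems.append("cannot read %s: %s" % (conf_path, exc.strerror))
    if not can_modify_dir(storage_dir):
        problems.append("cannot remove files under %s" % storage_dir)
    return problems


if __name__ == "__main__":
    # Constructed sample: a throwaway directory stands in for /var/satellite
    # and a temporary file with a made-up connect string for /etc/rhn/rhn.conf.
    with tempfile.TemporaryDirectory() as store:
        conf = os.path.join(store, "rhn.conf")
        with open(conf, "w") as fh:
            fh.write("# constructed\ndefault_db = user/secret@db\n")
        found = preflight(conf, store) + preflight(conf + ".missing", store)
    raise SystemExit("\n".join("ERROR: " + p for p in found) if found else 0)
```

Run directly, the demo reports the deliberately missing second config file and exits non-zero; a real tool would call preflight("/etc/rhn/rhn.conf", "/var/satellite") at the start of main().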
