[Machinery] Inspecting remote system: machinery user
Matwey V. Kornilov
matwey.kornilov at gmail.com
Thu Jul 23 03:22:49 MDT 2015
Hello,
https://github.com/SUSE/machinery/blob/master/man/machinery-inspect.1.md
says that:
"When inspecting as non-root the user has to have the following command
whitelist given in the sudoers file:
machinery ALL=(ALL) NOPASSWD:
/usr/bin/find,/usr/bin/cat,/bin/cat,/usr/bin/rsync,/bin/rpm -V
*,/bin/tar --create *"
It would be also great to specify recommended secure way to create
machinery user. I've done the following:
machinery:x:492:490::/var/lib/machinery:/bin/bash
but not sure whether it really needs bash as default shell? It would be
also great to add such a user to SUSE installations by default in future.
More information about the Machinery
mailing list