[Machinery] Inspecting remote system: machinery user
Thomas Goettlicher
tgoettlicher at suse.de
Thu Jul 23 06:33:40 MDT 2015
On 07/23/2015 11:22 AM, Matwey V. Kornilov wrote:
> Hello,
>
> https://github.com/SUSE/machinery/blob/master/man/machinery-inspect.1.md
> says that:
>
> "When inspecting as non-root the user has to have the following
> command whitelist given in the sudoers file:
>
> machinery ALL=(ALL) NOPASSWD:
> /usr/bin/find,/usr/bin/cat,/bin/cat,/usr/bin/rsync,/bin/rpm -V
> *,/bin/tar --create *"
>
> It would be also great to specify recommended secure way to create
> machinery user. I've done the following:
>
> machinery:x:492:490::/var/lib/machinery:/bin/bash
>
> but not sure whether it really needs bash as default shell? It would
> be also great to add such a user to SUSE installations by default in
> future.
I agree, the requirements for the remote user should be specified. I
just filed an issue:
https://github.com/SUSE/machinery/issues/1162
Thanks for reporting the lack of documentation,
Thomas
>
> _______________________________________________
> Machinery mailing list
> Machinery at lists.suse.com
> http://lists.suse.com/mailman/listinfo/machinery
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany
More information about the Machinery
mailing list