On 2017-03-06 14:24:19 -0500, Greg Ward wrote:
We use OBS in an environment where everyone can see everybody else's home dirs, so it takes very little abuse of sudo to read my co-workers' ~/.oscrc files. From there it's trivial to decode 'passx' and steal my co-workers' OBS passwords.
Is there a way to avoid this? And if so, is it documented anywhere?
You can use the python-keyring module to store your credentials. Enabling it is a bit awkward at the moment:
- osc config general use_keyring 1
- manually enter the credentials into the keyring
  or
  * delete the whole [https://<your_apiurl>] section from your ~/.oscrc
    (instead of deleting the section a temporary rename is also possible...)
  * run an arbitrary osc command, for instance,
    "osc -A https://<your_apiurl> ls"
    and enter your credentials
Marcus
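
A check to run after following the steps above, as an added example that is not part of the original message or of osc itself: it reports whether use_keyring is enabled and which API sections still keep a password in the file. It assumes ~/.oscrc is INI-style with a [general] section and one section per API URL; the host api.example.org, the user name and the placeholder value are constructed.

```python
import configparser

# Keys that keep a password in an oscrc section: 'passx' is the obfuscated
# form named in the thread, 'pass' the plain-text one.
SECRET_KEYS = ("pass", "passx")

def audit_oscrc(text):
    """Return (use_keyring enabled?, {section: [password keys still present]})."""
    # interpolation=None so a '%' inside a stored value cannot break parsing
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    raw = cfg.get("general", "use_keyring", fallback="0")
    keyring_on = raw.strip().lower() in ("1", "true", "yes", "on")
    leftovers = {}
    for section in cfg.sections():
        if section == "general":
            continue
        found = [k for k in SECRET_KEYS if cfg.has_option(section, k)]
        if found:
            leftovers[section] = found
    return keyring_on, leftovers

def report(text):
    """Human-readable findings; never echoes the stored values themselves."""
    keyring_on, leftovers = audit_oscrc(text)
    lines = []
    if not keyring_on:
        lines.append("use_keyring is not enabled in [general]")
    for section, keys in leftovers.items():
        lines.append(f"[{section}] still stores {', '.join(keys)} in the file")
    return lines or ["no password material found in the file"]

# Constructed sample: an oscrc before the migration ...
SAMPLE_BEFORE = """\
[general]
apiurl = https://api.example.org

[https://api.example.org]
user = alice
passx = CONSTRUCTED-PLACEHOLDER
"""

# ... and after it (keyring enabled, API section deleted).
SAMPLE_AFTER = """\
[general]
apiurl = https://api.example.org
use_keyring = 1
"""

if __name__ == "__main__":
    for name, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, "->", "; ".join(report(sample)))
```

To check a real file, pass its contents to report(), for example report(open(os.path.expanduser("~/.oscrc")).read()) after importing os.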