[opensuse-buildservice] Should osc support global oscrc ?
Hi all, As current code, osc/conf.py:722 os.chmod(conffile. 0600) the specified oscrc file, whether or not ~/.oscrc, should be writable for current user. But in some cases, users want to run osc as special user, e.g. nobody in some daemons, and there's no a proper place to store the writable oscrc. If osc can support global readonly oscrc for system wide configuration, the things can be easier. My question is: should osc support the readonly global oscrc? Is there any potential security issue? Thanks, - jf.ding -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2011-02-25 11:04:51 +0800, JF Ding wrote:
Hi all, As current code, osc/conf.py:722 os.chmod(conffile. 0600) the specified oscrc file, whether or not ~/.oscrc, should be writable for current user. But in some cases, users want to run osc as special user, e.g. nobody in some daemons, and there's no a proper place to store the writable oscrc. If osc can support global readonly oscrc for system wide configuration, the things can be easier.
it would be much easier if you create a home directory for your special users and suddenly all the logic would work again.
My question is: should osc support the readonly global oscrc? Is there any potential security issue?
the password is stored in the oscrc. darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hi, On Fri, Feb 25, 2011 at 7:18 PM, Marcus Rueckert <darix@opensu.se> wrote:
On 2011-02-25 11:04:51 +0800, JF Ding wrote:
Hi all, As current code, osc/conf.py:722 os.chmod(conffile. 0600) the specified oscrc file, whether or not ~/.oscrc, should be writable for current user. But in some cases, users want to run osc as special user, e.g. nobody in some daemons, and there's no a proper place to store the writable oscrc. If osc can support global readonly oscrc for system wide configuration, the things can be easier.
it would be much easier if you create a home directory for your special users and suddenly all the logic would work again. Yes, it would be much easier. But it is still another workaround. (Our current solution is also a workaround)
My question is: should osc support the readonly global oscrc? Is there any potential security issue?
the password is stored in the oscrc. Got it, it is also my understanding of why current code was written like this:)
Anyway, thanks for your proposals. - jf.ding -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2011-02-25 22:09:57 +0800, JF Ding wrote:
Yes, it would be much easier. But it is still another workaround. (Our current solution is also a workaround)
every user should have a home anyway. so i dont see why it would be much of an issue. so this is more of a correct solution and not much of a workaround. darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Not really, not every user should have a HOME. Please look at the /etc/passwd :) And, many daemon will act as "nobody", surely "nobody" has no HOME. On Fri, Feb 25, 2011 at 10:20 PM, Marcus Rueckert <darix@opensu.se> wrote:
On 2011-02-25 22:09:57 +0800, JF Ding wrote:
Yes, it would be much easier. But it is still another workaround. (Our current solution is also a workaround)
every user should have a home anyway. so i dont see why it would be much of an issue. so this is more of a correct solution and not much of a workaround.
darix
-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2011-02-26 12:31:44 +0800, JF Ding wrote:
Not really, not every user should have a HOME. Please look at the /etc/passwd :)
on my system every user has an assigned home dir.
And, many daemon will act as "nobody", surely "nobody" has no HOME.
/var/lib/nobody (on my system) darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Sat, Feb 26, 2011 at 8:15 PM, Marcus Rueckert <darix@opensu.se> wrote:
On 2011-02-26 12:31:44 +0800, JF Ding wrote:
Not really, not every user should have a HOME. Please look at the /etc/passwd :)
on my system every user has an assigned home dir.
And, many daemon will act as "nobody", surely "nobody" has no HOME.
/var/lib/nobody (on my system)
Yes, in most of current Linux system, there are some /var/lib/ dirs for these special users. And similarly '/var/empty' for nobody like users in my mac. But as my understanding, they are just pseudo ones and should not be used as normal real HOME. Maybe I am wrong :)
darix
-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Marcus Rueckert wrote:
On 2011-02-26 12:31:44 +0800, JF Ding wrote:
Not really, not every user should have a HOME. Please look at the /etc/passwd :)
on my system every user has an assigned home dir.
Users for system daemons sometimes intentionally do not have a writable home dir though.
And, many daemon will act as "nobody", surely "nobody" has no HOME.
/var/lib/nobody (on my system)
No daemon is supposed to run as user nobody anyways. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Marcus, Actually, osc should not touch or change anything in the home directory, if the permissions of oscrc are not right, then it should just refuse to run and ask the user to change the permissions of .oscrc. Another thing I noticed is that it manipulates the user credentials, removes password entries and such without asking the user, which is really a bad behaviour IMO, such changes should be confirmed or done by the user. What is wrong with having a system level oscrc file? For example in /etc/oscrc? This is not less secure, since the the permissions of the file /etc can be set to prevent other's from reading it. Anas On 25 Feb 2011, at 11:18, Marcus Rueckert wrote:
On 2011-02-25 11:04:51 +0800, JF Ding wrote:
Hi all, As current code, osc/conf.py:722 os.chmod(conffile. 0600) the specified oscrc file, whether or not ~/.oscrc, should be writable for current user. But in some cases, users want to run osc as special user, e.g. nobody in some daemons, and there's no a proper place to store the writable oscrc. If osc can support global readonly oscrc for system wide configuration, the things can be easier.
it would be much easier if you create a home directory for your special users and suddenly all the logic would work again.
My question is: should osc support the readonly global oscrc? Is there any potential security issue?
the password is stored in the oscrc.
darix
-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hi, On 2011-02-28 11:34:07 +0000, Anas Nashif wrote:
Actually, osc should not touch or change anything in the home directory, if the permissions of oscrc are not right, then it should just refuse to run and ask the user to change the permissions of .oscrc. Hmm yes we could implement this easily.
Another thing I noticed is that it manipulates the user credentials, removes password entries and such without asking the user, which is really a bad behaviour IMO, such changes should be confirmed or done by the user.
This shouldn't be the case with osc from git master anymore.
What is wrong with having a system level oscrc file? For example in /etc/oscrc? This is not less secure, since the the permissions of the file /etc can be set to prevent other's from reading it.
There's no need for a "system level" oscrc, just tell osc which configfile it should use: "osc --config /path/to/file" or set the "OSC_CONFIG" environment variable. Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 28 Feb 2011, at 12:59, Marcus Hüwe wrote:
Hi,
On 2011-02-28 11:34:07 +0000, Anas Nashif wrote:
Actually, osc should not touch or change anything in the home directory, if the permissions of oscrc are not right, then it should just refuse to run and ask the user to change the permissions of .oscrc. Hmm yes we could implement this easily.
Another thing I noticed is that it manipulates the user credentials, removes password entries and such without asking the user, which is really a bad behaviour IMO, such changes should be confirmed or done by the user.
This shouldn't be the case with osc from git master anymore.
What is wrong with having a system level oscrc file? For example in /etc/oscrc? This is not less secure, since the the permissions of the file /etc can be set to prevent other's from reading it.
There's no need for a "system level" oscrc, just tell osc which configfile it should use: "osc --config /path/to/file" or set the "OSC_CONFIG" environment variable.
Using environment variable for something like that really makes things harder than they should be, especially if we are not using the command line but osc as a module. We should be able to override the configuration when initialising osc in some other python program for example. That should work fine if we do not try to change the permissions mentioned above I guess.. Anas
Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2011-02-28 13:22:40 +0000, Anas Nashif wrote:
On 28 Feb 2011, at 12:59, Marcus Hüwe wrote:
Hi,
On 2011-02-28 11:34:07 +0000, Anas Nashif wrote:
Actually, osc should not touch or change anything in the home directory, if the permissions of oscrc are not right, then it should just refuse to run and ask the user to change the permissions of .oscrc. Hmm yes we could implement this easily.
Another thing I noticed is that it manipulates the user credentials, removes password entries and such without asking the user, which is really a bad behaviour IMO, such changes should be confirmed or done by the user.
This shouldn't be the case with osc from git master anymore.
What is wrong with having a system level oscrc file? For example in /etc/oscrc? This is not less secure, since the the permissions of the file /etc can be set to prevent other's from reading it.
There's no need for a "system level" oscrc, just tell osc which configfile it should use: "osc --config /path/to/file" or set the "OSC_CONFIG" environment variable.
Using environment variable for something like that really makes things harder than they should be, especially if we are not using the command line but osc as a module. We should be able to override the configuration when initialising osc in some other python program for example. That should work fine if we do not try to change the permissions mentioned above I guess..
As I said it's possible to change the code so that it raises an exception if the permissions of the config are "wrong". If you're writing a python module using osc you can specify a different config with "get_config(override_conffile='/path/to/config', ...)". Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2011-02-28 13:22:40 +0000, Anas Nashif wrote:
On 28 Feb 2011, at 12:59, Marcus Hüwe wrote:
Hi,
On 2011-02-28 11:34:07 +0000, Anas Nashif wrote:
Actually, osc should not touch or change anything in the home directory, if the permissions of oscrc are not right, then it should just refuse to run and ask the user to change the permissions of .oscrc. Hmm yes we could implement this easily.
Another thing I noticed is that it manipulates the user credentials, removes password entries and such without asking the user, which is really a bad behaviour IMO, such changes should be confirmed or done by the user.
This shouldn't be the case with osc from git master anymore.
What is wrong with having a system level oscrc file? For example in /etc/oscrc? This is not less secure, since the the permissions of the file /etc can be set to prevent other's from reading it.
There's no need for a "system level" oscrc, just tell osc which configfile it should use: "osc --config /path/to/file" or set the "OSC_CONFIG" environment variable.
Using environment variable for something like that really makes things harder than they should be, especially if we are not using the command line but osc as a module. We should be able to override the configuration when initialising osc in some other python program for example. That should work fine if we do not try to change the permissions mentioned above I guess..
As I said it's possible to change the code so that it raises an exception if the permissions of the config are "wrong". If you're writing a python module using osc you can specify a different config with "get_config(override_conffile='/path/to/config', ...)". Yes, we can use it (and currently using) to specify the oscrc. But the
On Tue, Mar 1, 2011 at 12:45 AM, Marcus Hüwe <suse-tux@gmx.de> wrote: problem is the oscrc must be writable for current user, for osc.conf will try to chmod it always. Would osc can do it like this: 1. get the permission of specified oscrc 2. chmod it for safety only if the permission != 0600 Thanks, jf.ding
Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (5)
-
Anas Nashif -
JF Ding -
Ludwig Nussel -
Marcus Hüwe -
Marcus Rueckert