Bug #9523

Permissions to not encourage admin-usage.

Added by Steve Kemp almost 5 years ago. Updated over 4 years ago.

Status:NewStart date:2015-02-16
Priority:Normal++Due date:
Assignee:-% Done:

0%

Category:-
Target version:stretch

Description

Although we do not expect users to edit the various templates which symbiosis ships with this is an option.

The general approach with Symbiosis is that the admin-user is the user that should be used. Unfortunately the file-permissions don't make that easy:

admin@symb:~$ ls -l /etc/symbiosis/
total 28
drwxr-xr-x 2 root root 4096 Dec 15 12:23 apache.d
drwxr-xr-x 5 root root 4096 Nov 21 12:18 backup.d
drwxr-xr-x 2 root root 4096 Nov 21 12:18 dns.d
drwxr-xr-x 8 admin admin 4096 Nov 21 12:14 firewall
drwxr-xr-x 2 root root 4096 Dec 15 12:23 monit.d
drwxr-xr-x 11 root root 4096 Dec 15 12:23 test.d
drwxr-xr-x 2 root root 4096 Dec 15 12:23 xmpp.d
admin@symb:~$

On a pristine installation of symbiosis, from our imager, only the firewall directory is correctly writeable. This means that any user who wants to change the Apache template has to become root, for example.

History

#1 Updated by Patrick Cherry over 4 years ago

  • Target version set to jessie

#2 Updated by Patrick Cherry over 4 years ago

  • Target version changed from jessie to stretch

Not going to address this in jessie

Also available in: Atom PDF