- From: Noah Kantrowitz <
>
- To:
- Subject: [chef] Re: Re: Re: Client privileges
- Date: Tue, 28 Jun 2011 14:39:54 -0700
Just about anything, restricting access to data bags or to cookbooks could
have security implications, or having users that aren't full admins and can
only see/edit a subset of the nodes. The issue with cookbook uploads not
being locked down was supposed to be fixed already, I'll go investigate that
now actually :-)
--Noah
On Jun 28, 2011, at 2:36 PM, Anthony Goddard wrote:
>
Awesome, yep that's what I was looking for. Other than the concept of
>
different users managing different nodes or roles, what is a use case for
>
the hosted platform ACLs? Preventing a host from running a query for
>
example? This was obviously a big concern pre encrypted databags, but that
>
seems to be solved now.
>
>
A node being able to overwrite a cookbook is probably a concern, given they
>
could throw a cookbook in place of one in a base role and then that would
>
be it. Of course, having everything centrally managed by Chef server
>
probably means that you're going to have good insight into user accounts
>
and nice logging anyway, so this in some ways makes things more secure.
>
>
On Jun 28, 2011, at 14:26, Noah Kantrowitz
>
<
>
>
wrote:
>
>
> Assuming you mean the FOSS server (Hosted Chef has its own ACL system, so
>
> it can be locked down to within an inch of its life), a non-admin client
>
> can read all data from the server, perform searches (read: possible CPU
>
> DoS), and write to a node with the same name as the client (read: possible
>
> storage DoS). Hope that helps.
>
>
>
> --Noah
>
>
>
> On Jun 28, 2011, at 10:52 AM, Anthony Goddard wrote:
>
>
>
>> Hi All,
>
>> I'm poking around at the different privileges for admin / non admin users
>
>> / clients, mostly with a view to considering what happens if root
>
>> privileges are gained by a malicious user on a machine that's managed by
>
>> chef. I know the user can do a lot of queries using the client.pem but
>
>> can't write changes, though I'm not sure of the specifics.
>
>>
>
>> I'm wondering if there's any more info around (haven't been able to find
>
>> it on the wiki) regarding exactly what the differences are between admin
>
>> users and regular users, what privileges a client has etc..
>
>>
>
>>
>
>> Cheers,
>
>> Ant
>
>>
>
>>
>
>
Archive powered by MHonArc 2.6.16.