- From: Kevin Keane Subscription <
>
- To:
<
>
- Subject: [chef] RE: RE: Adding a feature in Chef Server UI
- Date: Sun, 16 Mar 2014 20:26:02 -0700
- Domainkey-signature: a=rsa-sha1; c=nofws; d=sendgrid.info; h=subject:from:to:mime-version:content-type:content-transfer-encoding:sender; q=dns; s=smtpapi; b=KmsT3YIc39oWvg/jjSrQCfDELB4NGxZr6+Vw6sXl1GyP DWtf1pMVIa2KiSu19cpezd7VTm96xdWls4U9ES0PZyCleskXyaAnEmp4t75FTggL VpMYOgLktUXdrtQssarpV4K5GMdoQ74GS8WNpKPjFW0VOrwihaKAbH2kwkexW6o=
You could reduce the security issue by using SSH with a private key to a
non-root account, preferably one with minimal permissions. Add an entry to
your sudoers file, and then use sudo to run the command.
You can further lock down the system with the SSH allowed_keys file; you can
set it up that SSH will not get a terminal and can only execute the one
command "sudo chef-client".
>
-----Original Message-----
>
From: Kadel-Garcia, Nico
>
[mailto:
>
Sent: Sunday, March 16, 2014 6:59 PM
>
To:
>
>
Subject: [chef] RE: Adding a feature in Chef Server UI
>
>
The chef server does not have the credentials to enforce that. You'd have to
>
execute something like a "knife ssh" command, with stored root passwords
>
or root ssh credentials. That's a *big* security issue.
>
>
--
>
Nico Kadel-Garcia
>
Senior Systems Consultant
>
Email:
>
>
Cell Phone: +1.339.368.2428
>
>
________________________________________
>
From:
>
>
>
<
>
>
Sent: Sunday, March 16, 2014 9:32 PM
>
To:
>
>
Subject: [chef] Adding a feature in Chef Server UI
>
>
Hi
>
>
I'm trying to integrate an 'execute recipe' functionality to my chef server
>
ui.
>
It has to do the function of 'chef-client' from the UI. Please help me to
>
do so.
>
>
Thanking you,
>
Anju
- [chef] RE: RE: Adding a feature in Chef Server UI, Kevin Keane Subscription, 03/16/2014
Archive powered by MHonArc 2.6.16.