Uploaded image for project: 'Aurora'
  1. Aurora
  2. AURORA-1641

Shell health checker is running as root

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • None
    • 0.13.0
    • Executor, Security
    • None

    Description

      As the operator of an Aurora cluster, I have to guarantee that users can run commands only with the privileges of their role. The new health checker feature is risky in that regard, as it runs all health check commands with the privileges of the Thermos runner. In most common deployments this is root.

      The Thermos runner supports various means for setting the uid/user/role that is used to run user processes. The same configuration should also apply to the user-defined health checking command.

      Attachments

        Issue Links

          blocks

          Task - A task that needs to be done. AURORA-1584 Aurora 0.13.0 release candidate

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              wfarner Bill Farner
              StephanErb Stephan Erb
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: