Opened 6 years ago
Last modified 6 years ago
#3069 assigned task
make it possible for service specific admins to use jexec
Reported by: | sa2ajj | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | sys - other |
Version: | | Keywords: | ansible |
Cc: | | | |
Description (last modified by sa2ajj)
From #3004:
`sudo jexec <appropriate jail> sh` for non-admins with access to a single jail
Change History (5)
comment:1 Changed 6 years ago by sa2ajj
- Description modified (diff)
comment:2 Changed 6 years ago by dustin
Sean noted in #3004 that it's possible to escape a jail given unprivileged access to the host, which is what we'd be doing here. So we need to either decide that's OK (that we trust folks to not *deliberately* wreak havoc, and are using this only to limit accidental damage), or find another way (probably running sshd in jails).
comment:3 Changed 6 years ago by sa2ajj
- Priority changed from major to minor
I downgrade the priority for this bridge to cross.
comment:4 Changed 6 years ago by dustin
- Status changed from new to assigned
comment:5 Changed 6 years ago by dustin
- Milestone changed from sys - on-bb-infra to sys - other