Opened 2 years ago

Last modified 22 months ago

#3069 assigned task

make it possible for service specific admins to use jexec

Reported by: sa2ajj Owned by:
Priority: minor Milestone: sys - other
Version: Keywords: ansible
Cc:

Description (last modified by sa2ajj)

From #3004:

sudo jexec <appropriate jail> sh for non-admins with access to a single jail

Change History (5)

comment:1 Changed 2 years ago by sa2ajj

  • Description modified (diff)

comment:2 Changed 2 years ago by dustin

Sean noted in #3004 that it's possible to escape a jail given unprivileged access to the host, which is what we'd be doing here. So we need to either decide that's OK (that we trust folks to not *deliberately* wreak havoc, and are using this only to limit accidental damage), or find another way (probably running sshd in jails).

comment:3 Changed 2 years ago by sa2ajj

  • Priority changed from major to minor

I downgrade the priority for this bridge to cross.

comment:4 Changed 2 years ago by dustin

  • Status changed from new to assigned

comment:5 Changed 22 months ago by dustin

  • Milestone changed from sys - on-bb-infra to sys - other
Note: See TracTickets for help on using tickets.