Re: About rhc ssh

On Mon, Jul 20, 2015 at 12:00 AM, Jimmy Chu <jimmychu hkwtf com> wrote:


On Openshift Origin M3, using the rhc ssh command, users could remotely connect into a machine. Though the default dir is /var/lib/openshift/<oo_gear_ID>, users could cd / to list and see all files in the host.

Not all files on the host. Just those which are world-readable.

This could be a security issue.

  1. Is there a fix/patch to restrict users to only their app directory (basically, chroot)?

Nope. At least /etc/passwd needs to be visible for ssh to work. Other files are protected by making them not world-readable or via SELinux labels.

  2. If not, is there a setting to disable allowing users to rhc ssh into a machine, while still being able to execute git push cmd?

git works over ssh so this is problematic and there's no plan to enable this.


If this issue has been discussed in blog/previous thread, please just direct me there. Thanks

It probably has but I'm too lazy to look it up...


- JC

