
Re: About rhc ssh





On Mon, Jul 20, 2015 at 12:00 AM, Jimmy Chu <jimmychu hkwtf com> wrote:

Hi,

On OpenShift Origin M3, using the rhc ssh command, users could remotely connect into a machine. Though the default dir is /var/lib/openshift/<oo_gear_ID>, users could cd / to list and see all files in the host.

Not all files on the host. Just those which are world-readable.


This could be a security issue.

  1. Is there a fix/patch to restrict users to only their app directory (basically, chroot)?

Nope. At least /etc/passwd needs to be visible for ssh to work. Other files are protected by making them not world-readable or via SELinux labels.

  2. If not, is there a setting to disable allowing users to rhc ssh into a machine, but still be able to execute the git push cmd?

git works over ssh so this is problematic and there's no plan to enable this.

 

If this issue has been discussed in blog/previous thread, please just direct me there. Thanks


It probably has but I'm too lazy to look it up...

 

- JC


_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
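
To see what the "world-readable" answer above means on a given node, the following added example (not part of the thread and not OpenShift code) lists the regular files under a scan root that any local account can read through plain permission bits, meaning the file has the "other" read bit and every directory above it up to the scan root has the "other" search bit. The function names are hypothetical, GNU `stat` is assumed, and SELinux labels and ACLs are not evaluated, so the output is an upper bound on what a gear user can actually open.

```shell
#!/bin/sh
# Added example (not OpenShift code). Lists regular files under a scan root that
# any local account, e.g. a gear user in an rhc ssh session, can read through
# plain permission bits. SELinux labels and POSIX ACLs are not evaluated.

# other_can_reach DIR ROOT: succeeds when DIR and every directory between it
# and ROOT (inclusive) has the search (x) bit set for "other".
other_can_reach() (
    dir=$1 root=$2
    while :; do
        mode=$(stat -c '%a' "$dir") || exit 1   # GNU stat, octal mode
        case $mode in
            *[1357]) ;;          # last octal digit odd: other has x
            *) exit 1 ;;
        esac
        [ "$dir" = "$root" ] && exit 0
        [ "$dir" = "/" ] && exit 1              # walked past ROOT; give up
        dir=$(dirname "$dir")
    done
)

# world_readable_files ROOT: prints one path per line (paths containing
# newlines are not handled). Use ROOT=/ on a node host so the whole
# ancestor chain is checked.
world_readable_files() (
    root=$(cd "$1" && pwd -P) || exit 1
    find "$root" -xdev -type f -perm -004 -print 2>/dev/null |
    while IFS= read -r f; do
        if other_can_reach "$(dirname "$f")" "$root"; then
            printf '%s\n' "$f"
        fi
    done
)
```

Run it as root so `find` can descend into every directory; any path it prints that should not be visible to gear users needs tighter mode bits or an SELinux label that denies access.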


