
Re: About rhc ssh



On Mon, Jul 20, 2015 at 8:41 AM, Luke Meyer <lmeyer redhat com> wrote:
>
>
> On Mon, Jul 20, 2015 at 12:00 AM, Jimmy Chu <jimmychu hkwtf com> wrote:
>>
>> Hi,
>>
>> On OpenShift Origin M3, using the rhc ssh command, users could remotely
>> connect into a machine. Though the default dir is
>> /var/lib/openshift/<oo_gear_ID>, users could cd / to list and see all files
>> in the host.
>
> Not all files on the host. Just those which are world-readable.
>
>>
>> This could be a security issue.
>>
>> Is there a fix/patch to restrict users to only their app directory
>> (basically, chroot)?
>
>
> Nope. At least /etc/passwd needs to be visible for ssh to work. Other files
> are protected by making them not world-readable or via SELinux labels.
>
>>
>> If not, is there a setting to disable allowing users to rhc ssh into a
>> machine, but still be able to execute git push cmd?
>
> git works over ssh so this is problematic and there's no plan to enable
> this.
>
>
>>
>> If this issue has been discussed in blog/previous thread, please just
>> direct me there. Thanks
>
>
> It probably has but I'm too lazy to look it up...

https://bugzilla.redhat.com/show_bug.cgi?id=719848

>
>
>>
>> - JC
>>
>>
>> _______________________________________________
>> dev mailing list
>> dev lists openshift redhat com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>
>
>
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
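
Added example (not part of the original thread, and not OpenShift code): a Python audit script for the point made in the reply that a gear user can read only world-readable files. It lists regular files under a tree that have the other-read bit set and whose parent directories all have the other-search bit set; the function name and the default path are assumptions, and SELinux labels and ACLs are not evaluated.

```python
import os
import stat
import sys


def world_reachable_files(root):
    """Return regular files under root readable by 'other'.

    A file counts only if it has o+r AND every directory from root down
    to it has o+x (search), because a user who is neither owner nor in
    the group cannot traverse a directory without o+x. Directory o+r is
    not required: a known path can be opened with search permission alone.
    SELinux labels and POSIX ACLs are NOT evaluated here.
    """
    found = []
    root_mode = os.lstat(root).st_mode
    if not (stat.S_ISDIR(root_mode) and root_mode & stat.S_IXOTH):
        return found  # 'other' cannot even enter the root
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Prune subdirectories 'other' cannot traverse; symlinks are
        # skipped as well, since lstat() does not report them as dirs.
        keep = []
        for d in dirnames:
            mode = os.lstat(os.path.join(dirpath, d)).st_mode
            if stat.S_ISDIR(mode) and mode & stat.S_IXOTH:
                keep.append(d)
        dirnames[:] = keep
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                found.append(path)
    return sorted(found)


if __name__ == "__main__":
    # Default path is an assumption; pass any directory to audit.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc"
    for p in world_reachable_files(target):
        print(p)
```

Run it as root on a node so the walk itself is not blocked by permissions, then review the output for files that should be mode-restricted.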


