ganeti-doc 2.16.0~rc2-1build1 / usr / share / doc / ganeti / html / design-restricted-commands.html

This file is indexed.

/usr/share/doc/ganeti/html/design-restricted-commands.html is in ganeti-doc 2.16.0~rc2-1build1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Design for executing commands via RPC &#8212; Ganeti 2.16.0~rc2 documentation</title>
    <link rel="stylesheet" href="_static/style.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    './',
        VERSION:     '2.16.0~rc2',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true,
        SOURCELINK_SUFFIX: '.txt'
      };
    </script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="Ganeti shared storage support" href="design-shared-storage.html" />
    <link rel="prev" title="Resource model changes" href="design-resource-model.html" /> 
  </head>
  <body>
    <div class="related" role="navigation" aria-label="related navigation">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="design-shared-storage.html" title="Ganeti shared storage support"
             accesskey="N">next</a></li>
        <li class="right" >
          <a href="design-resource-model.html" title="Resource model changes"
             accesskey="P">previous</a> |</li>
        <li class="nav-item nav-item-0"><a href="index.html">Ganeti 2.16.0~rc2 documentation</a> &#187;</li> 
      </ul>
    </div>  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body" role="main">
            
  <div class="section" id="design-for-executing-commands-via-rpc">
<h1><a class="toc-backref" href="#id1">Design for executing commands via RPC</a><a class="headerlink" href="#design-for-executing-commands-via-rpc" title="Permalink to this headline"></a></h1>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">Created:</th><td class="field-body">2012-Oct-16</td>
</tr>
<tr class="field-even field"><th class="field-name">Status:</th><td class="field-body">Implemented</td>
</tr>
<tr class="field-odd field"><th class="field-name">Ganeti-Version:</th><td class="field-body">2.7.0</td>
</tr>
</tbody>
</table>
<div class="contents topic" id="contents">
<p class="topic-title first">Contents</p>
<ul class="simple">
<li><a class="reference internal" href="#design-for-executing-commands-via-rpc" id="id1">Design for executing commands via RPC</a><ul>
<li><a class="reference internal" href="#current-state-and-shortcomings" id="id2">Current state and shortcomings</a></li>
<li><a class="reference internal" href="#proposed-changes" id="id3">Proposed changes</a></li>
</ul>
</li>
</ul>
</div>
<div class="section" id="current-state-and-shortcomings">
<h2><a class="toc-backref" href="#id2">Current state and shortcomings</a><a class="headerlink" href="#current-state-and-shortcomings" title="Permalink to this headline"></a></h2>
<p>We have encountered situations where a node was no longer responding to
attempts at connecting via SSH or SSH became unavailable through other
means. Quite often the node daemon is still available, even in
situations where there’s little free memory. The latter is due to the
node daemon being locked into main memory using <code class="docutils literal"><span class="pre">mlock(2)</span></code>.</p>
<p>Since the node daemon does not allow the execution of arbitrary
commands, quite often the only solution left was either to attempt a
powercycle request via said node daemon or to physically reset the node.</p>
</div>
<div class="section" id="proposed-changes">
<h2><a class="toc-backref" href="#id3">Proposed changes</a><a class="headerlink" href="#proposed-changes" title="Permalink to this headline"></a></h2>
<p>The goal of this design is to allow the execution of non-arbitrary
commands via RPC requests. Since this can be dangerous in case the
cluster certificate (<code class="docutils literal"><span class="pre">server.pem</span></code>) is leaked, some precautions need to
be taken:</p>
<ul class="simple">
<li>No parameters may be passed</li>
<li>No absolute or relative path may be passed, only a filename</li>
<li>Executable must reside in <code class="docutils literal"><span class="pre">/etc/ganeti/restricted-commands</span></code>, which must
be owned by root:root and have mode 0755 or stricter
- Must be regular files or symlinks
- Must be executable by root:root</li>
</ul>
<p>There shall be no way to list available commands or to retrieve an
executable’s contents. The result from a request to execute a specific
command will either be its output and exit code, or a generic error
message. Only the receiving node’s log files shall contain information
as to why executing the command failed.</p>
<p>To slow down dictionary attacks on command names in case an attacker
manages to obtain a copy of <code class="docutils literal"><span class="pre">server.pem</span></code>, a system-wide, file-based
lock is acquired before verifying the command name and its executable.
If a command can not be executed for some reason, the lock is only
released with a delay of several seconds, after which the generic error
message will be returned to the caller.</p>
<p>At first, restricted commands will not be made available through the
<a class="reference internal" href="rapi.html"><span class="doc">remote API</span></a>, though that could be done at a later point
(with a separate password).</p>
<p>On the command line, a new sub-command will be added to the <code class="docutils literal"><span class="pre">gnt-node</span></code>
script.</p>
</div>
</div>


          </div>
        </div>
      </div>
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
  <h3><a href="index.html">Table Of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">Design for executing commands via RPC</a><ul>
<li><a class="reference internal" href="#current-state-and-shortcomings">Current state and shortcomings</a></li>
<li><a class="reference internal" href="#proposed-changes">Proposed changes</a></li>
</ul>
</li>
</ul>

  <h4>Previous topic</h4>
  <p class="topless"><a href="design-resource-model.html"
                        title="previous chapter">Resource model changes</a></p>
  <h4>Next topic</h4>
  <p class="topless"><a href="design-shared-storage.html"
                        title="next chapter">Ganeti shared storage support</a></p>
  <div role="note" aria-label="source link">
    <h3>This Page</h3>
    <ul class="this-page-menu">
      <li><a href="_sources/design-restricted-commands.rst.txt"
            rel="nofollow">Show Source</a></li>
    </ul>
   </div>
<div id="searchbox" style="display: none" role="search">
  <h3>Quick search</h3>
    <form class="search" action="search.html" method="get">
      <div><input type="text" name="q" /></div>
      <div><input type="submit" value="Go" /></div>
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="related" role="navigation" aria-label="related navigation">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="design-shared-storage.html" title="Ganeti shared storage support"
             >next</a></li>
        <li class="right" >
          <a href="design-resource-model.html" title="Resource model changes"
             >previous</a> |</li>
        <li class="nav-item nav-item-0"><a href="index.html">Ganeti 2.16.0~rc2 documentation</a> &#187;</li> 
      </ul>
    </div>
    <div class="footer" role="contentinfo">
        &#169; Copyright 2018, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015 Google Inc..
      Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.6.7.
    </div>
  </body>
</html>

APT Browse - Built by Thomas Orozco.