Actions
Fix #13707
openteuthology globally disables requiretty
Status:
New
Priority:
Normal
Assignee:
-
Category:
-
% Done:
0%
Source:
other
Tags:
Backport:
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):
Description
https://github.com/ceph/ceph-cm-ansible/blob/master/roles/testnode/templates/sudoers#L15
On Ansible-managed systems, /etc/sudoers
contains this line:
Defaults !requiretty
This is bad for security in general, and hides bugs in Ceph in particular (eg #10927)
On a vanilla RHEL or CentOS install, /etc/sudoers
has the following:
Defaults requiretty
Can we list the exact things that are run in the labs that require us to disable the "requiretty
" setting on the lab hosts?
For example, I think ceph-deploy (via execnet) needs this, but only for the unprivileged UID that ceph-deploy uses (ie "ubuntu"), so we could tighten the setting to just "ubuntu".
Actions