• Leigh B. Stoller's avatar
    Add widearearoot and wideareajailroot to the users table, to control · 4154972a
    Leigh B. Stoller authored
    who gets root on widearea nodes, inside and outside of jail. Kinda
    brute force; might need to make this more flexible at some point,
    perhaps with a node/user mapping table for widearearoot (root outside
    the jail), and a widearea_trust slot to the group_membership table
    (root inside a jail), but this will do for now since its handled
    entirely inside of tmcd.
    
    I was originally using local_root to determine root access inside the
    jail, but we need to more finely control who gets root on widearea
    nodes. Outside the jail, only tbadmin got jail, and thats definitely
    too restrictive!
    4154972a
database-migrate.txt 7.49 KB