Commit 4154972a authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

Add widearearoot and wideareajailroot to the users table, to control

who gets root on widearea nodes, inside and outside of jail. Kinda
brute force; might need to make this more flexible at some point,
perhaps with a node/user mapping table for widearearoot (root outside
the jail), and a widearea_trust slot to the group_membership table
(root inside a jail), but this will do for now since its handled
entirely inside of tmcd.

I was originally using local_root to determine root access inside the
jail, but we need to more finely control who gets root on widearea
nodes. Outside the jail, only tbadmin got jail, and thats definitely
too restrictive!
parent b11e748f
......@@ -1132,6 +1132,8 @@ CREATE TABLE users (
home_pubkey text,
adminoff tinyint(4) default '0',
verify_key varchar(32) default NULL,
widearearoot tinyint(4) default '0',
wideareajailroot tinyint(4) default '0',
PRIMARY KEY (uid),
KEY unix_uid (unix_uid),
KEY status (status)
......
......@@ -196,3 +196,11 @@ last_net_act,last_cpu_act,last_ext_act);
alter table state_triggers drop primary key;
alter table state_triggers add primary key (node_id,op_mode,state);
1.130: Add widearearoot and wideareajailroot to the users table, to
control who gets root on widearea nodes, inside and outside of
jail. Kinda brute force; might need to make this more flexible
at some point, perhaps with a node/user mapping table, but this
will do for now since its handled entirely inside of tmcd.
alter table users add widearearoot tinyint(4) default '0';
alter table users add wideareajailroot tinyint(4) default '0';
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment