[ClusterLabs] Initial Setup (Ken Gaillot)
Angelo Ruggiero
angeloruggiero at yahoo.com
Sat Aug 24 09:19:57 UTC 2024
Hello Ken,
Thanks for taking the time.
>In addition, Pacemaker's configuration (CIB) is readable and writable
>only by root. Users may optionally be added to the haclient group to
>gain read/write access, and ACLs may optionally be configured to
>restrict that access to specific portions.
That's a good point; my security guys will end up asking where this CIB is stored and how it is protected.
I did not check yet, but I assumed that it's somewhere on the filesystem, as you said, owned and writable only by root.
I think I saw that the pacemaker exec processes, e.g. pacemaker-execd, seem to use shared memory to communicate with each other.
And I assume this shared memory contains the CIB and that it is stored on disk also. Not really a security issue, just interesting.
regards
Angelo