Bug 1048354

Summary: Gear movement should not require direct root login
Product: OKD
Reporter: Trevor Vaughan <tvaughan>
Component: Pod
Assignee: Abhishek Gupta <abhgupta>
Status: CLOSED WONTFIX
QA Contact: libra bugs <libra-bugs>
Severity: medium
Priority: unspecified
Version: 1.x
CC: dmcphers, jialiu, kseifried, lmeyer, mmcgrath
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2017-05-31 18:22:11 UTC
Type: Bug

Description Trevor Vaughan 2014-01-03 19:50:20 UTC
Description of problem:

The ability to move gears via rsync requires direct root access to systems. Per most published security guides, this is to be disabled and sudo to be used instead.

Request that rsync movement be able to be used via an account other than root.

Version-Release number of selected component (if applicable):

All

How reproducible:

Disable direct root login, attempt to move a gear.

Actual results:

Gear movement fails.

Expected results:

Gear movement succeeds.

Comment 1 Kurt Seifried 2014-01-06 18:24:17 UTC
This issue appears to be a security feature RFE and not a security flaw or vulnerability.

Comment 2 Eric Paris 2017-05-31 18:22:11 UTC
We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause.