[GitHub] [incubator-dolphinscheduler] zhuangchong commented on issue #3998: 通过dolphinescheduler获取主机的root权限

[GitBox <gi...@apache.org>]

zhuangchong commented on issue #3998:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/3998#issuecomment-717185504


   I think this is not a bug
   
   There is a linux account dolphinscheduler on the machine where dolphinschduler is installed. This account is sudoer and is not secret-free. Dolphinschduler can already execute all root permissions.
   
   If you think the permissions of the dolphinscheduler tenant are too large, there are several implementation options
   1. Dolphinscheduler tenants only manage users, perform tenants that do not perform specific tasks
   2. Linux sudo can set only user list, so dolphinschedule users can only access the user list you added with sudo, without root authority.
   
   ---
   我认为这不是一个bug
   dolphinschduler安装的机器上有 linux账号 dolphinscheduler，这个账号是sudoer，且免密，dolphinscheduler已经可以执行root的所有权限。
   
   如果你认为dolphinscheduler租户的权限太大，可以有几种实现方案
   1.dolphinscheduler租户只是管理用户，不做具体任务的执行租户
   2.linux sudo 可以设置只用户列表，这样dolphinschedule用户只能sudo访问你添加的用户列表，没有root的权限。
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org