You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@geode.apache.org by Barry Wood <bw...@rpymotion.com> on 2017/07/14 16:57:51 UTC

stop locator --dir not securitied

Hi,
Setup user admin with CLUSTER:READ allowed operations.  This prevents gfsh>stop locator —name=locator1, Unauthorized.  But, gfsh>stop locator —dir=locator1 allows user to stop locator.  Did not see any issue logged for this.  Is this intentional?
Best regards,
Barry Wood

Re: stop locator --dir not securitied

Posted by Anthony Baker <ab...@pivotal.io>.

I agree, the behavior of ‘--dir’ is very different.  You would need access to the locator host and sufficient OS privileges to stop the locator process and access the filesystem.

With ‘--name’ you are requesting the JMX manager perform a remote operation on your behalf, hence the need to secure the request.

Anthony

> On Jul 14, 2017, at 10:13 AM, Swapnil Bawaskar <sb...@pivotal.io> wrote:
> 
> Hi Barry,
> Yes, it is intentional. stop locator --dir is an offline command (i.e. after launching gfsh you do not have to connect to the locator). All offline commands are not secured, because the user already has access to the filesystem.
> 
> Thanks!
> 
> On Fri, Jul 14, 2017 at 10:05 AM Barry Wood <bwood@rpymotion.com <ma...@rpymotion.com>> wrote:
> Hi,
> Setup user admin with CLUSTER:READ allowed operations.  This prevents gfsh>stop locator —name=locator1, Unauthorized.  But, gfsh>stop locator —dir=locator1 allows user to stop locator.  Did not see any issue logged for this.  Is this intentional?
> Best regards,
> Barry Wood

Re: stop locator --dir not securitied

Posted by Swapnil Bawaskar <sb...@pivotal.io>.

Hi Barry,
Yes, it is intentional. stop locator --dir is an offline command (i.e.
after launching gfsh you do not have to connect to the locator). All
offline commands are not secured, because the user already has access to
the filesystem.

Thanks!

On Fri, Jul 14, 2017 at 10:05 AM Barry Wood <bw...@rpymotion.com> wrote:

> Hi,
> Setup user admin with CLUSTER:READ allowed operations.  This prevents
> gfsh>stop locator —name=locator1, Unauthorized.  But, gfsh>stop locator
> —dir=locator1 allows user to stop locator.  Did not see any issue logged
> for this.  Is this intentional?
> Best regards,
> Barry Wood