Issue 2550789
Created on 2013-01-21 01:30 by coderanger, last changed 2013-06-09 02:28 by rouilj.
msg4762 |
Author: [hidden] (coderanger) |
Date: 2013-01-21 01:30 |
|
The only non-interactive way to run initialize and set the admin password is to provide it on the
command line. This is visible to all users of the system and represents a pretty severe leakage
problem. Passing a password on the command line should not be an option at all, in favor of a
file containing the password, preferably set to 0600 to ensure security.
|
msg4763 |
Author: [hidden] (rouilj) |
Date: 2013-01-21 01:52 |
|
Well, there is a workaround using expect or pexpect or a similar Perl
module, but I agree this should be a feature of the core code.
This should be relatively easy. A patch to roundup/admin.py in the
do_initialize function should make this work. I suggest using:
    initialize -f filename
for this case and checking for args > 1 and args[1] to be -f,
then opening the filename and reading the first line for the
password. The code change needs to occur near:
    # password
    if len(args) > 1:
        adminpw = args[1]
    else:
It should keep it backwards compatible when used with a
single password argument. (Also is the code above a bug?
initialise shouldn't allow > 1 argument currently as the
additional args are ignored.)
|
msg4764 |
Author: [hidden] (coderanger) |
Date: 2013-01-21 03:09 |
|
While backwards compat is admirable, this should be on as fast a deprecation timeline as you
can do. Beyond just showing up in ps, passwords on the command line also then show up in
shell history files, probably in sudo logs, etc. Providing this as an option is, in the end, a
disservice to users that might not know better.
|
msg4765 |
Author: [hidden] (rouilj) |
Date: 2013-01-21 03:30 |
|
Actually I just realized that a file with the contents:
    initialise password
piped into roundup-admin does the trick as roundup-admin
can accept scripts from stdin. This file can easily
be mode 600.
So simply 'cat command_script | roundup-admin -i tracker'
should work. Can you check and see if this works?
-- rouilj
|
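The stdin workaround from msg4765, sketched as a POSIX shell helper. This is an added example, not part of the original thread and not Roundup's own code. The function names, the script path and the tracker home are hypothetical, and rejecting passwords that contain spaces is an assumption, since the thread does not show how roundup-admin tokenizes the line.

```shell
#!/bin/sh
# Added example: keep the admin password out of argv (ps, shell history,
# sudo logs) by writing a 0600 command script and piping it to roundup-admin.

# write_init_script SCRIPT_PATH
# Reads the password from stdin and writes "initialise <password>" to
# SCRIPT_PATH. The body runs in a subshell so umask/noclobber do not leak out.
write_init_script() (
    script=$1
    IFS= read -r adminpw || true        # tolerate a missing trailing newline
    [ -n "$adminpw" ] || { echo "empty password" >&2; exit 1; }
    case $adminpw in
        *" "*) echo "password contains a space" >&2; exit 1 ;;  # assumption, see lead-in
    esac
    umask 077               # created 0600, never briefly readable by others
    rm -f -- "$script"      # do not inherit looser permissions from an old file
    set -C                  # noclobber: fail if something reappears at the path
    # printf is a shell builtin, so the password is never in a process's argv.
    printf 'initialise %s\n' "$adminpw" > "$script"
)

# init_tracker TRACKER_HOME SCRIPT_PATH
# Feeds the script to roundup-admin on stdin (same effect as
# 'cat command_script | roundup-admin -i tracker'), then deletes it.
init_tracker() {
    tracker_home=$1
    script=$2
    roundup-admin -i "$tracker_home" < "$script" && status=0 || status=$?
    rm -f -- "$script"
    return "$status"
}

# Typical use (paths are placeholders):
#   write_init_script /root/roundup_init < /root/admin_pw_file
#   init_tracker /path/to/tracker /root/roundup_init
```
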
msg4814 |
Author: [hidden] (rouilj) |
Date: 2013-03-07 02:35 |
|
Noah:
Were you able to find out if catting the information into
roundup-admin worked for you?
-- rouilj
|
msg4815 |
Author: [hidden] (coderanger) |
Date: 2013-03-07 02:38 |
|
Yes, that does work. I would still recommend making this more explicit in the documentation for
the initialization though. Thanks for your help!
|
msg4902 |
Author: [hidden] (rouilj) |
Date: 2013-06-09 02:28 |
|
I added the file example to user_guide.txt and placed a note to see the
user_guide in the part of installation.txt that shows how to use the
initialise command.
Checked in for the next release of roundup.
I think this is sufficient to handle the problem without changing the
code.
|
|
Date | User | Action | Args |
2013-06-09 02:28:45 | rouilj | set | resolution: fixed |
2013-06-09 02:28:32 | rouilj | set | status: new -> closed; assignee: rouilj; messages: + msg4902 |
2013-03-07 02:38:50 | coderanger | set | messages: + msg4815 |
2013-03-07 02:35:36 | rouilj | set | messages: + msg4814 |
2013-01-24 08:53:27 | ThomasAH | set | nosy: + ThomasAH |
2013-01-21 09:40:18 | ber | set | nosy: + ber |
2013-01-21 03:30:34 | rouilj | set | messages: + msg4765 |
2013-01-21 03:09:39 | coderanger | set | messages: + msg4764 |
2013-01-21 01:52:01 | rouilj | set | keywords: + Effort-Low; nosy: + rouilj; messages: + msg4763 |
2013-01-21 01:30:34 | coderanger | create | |
|