Currently, the reset password flow in VMAccess grants system rights to the user in the form of "ALL = (ALL) ALL".
The issue with this is that endorsed Linux Marketplace images have passwordless access by default, and VMAccess overrides this configuration to require password input from the user when running commands as sudo. This is a concern that has been brought up by multiple customers.
This PR adds a new setting enable_passwordless_access. If provided by the customer, VMAccess will an entry for the user in sudoers configuration in the form "ALL= (ALL) NOPASSWD: ALL".
While there are solutions to preserve existing configurations for the user without requiring the customer to specify access rights for the user, changing the default behavior of the extension would be a major problem for customers who depend on existing behavior. Hence, the new setting.
Currently, the reset password flow in VMAccess grants system rights to the user in the form of "ALL = (ALL) ALL".
The issue with this is that endorsed Linux Marketplace images have passwordless access by default, and VMAccess overrides this configuration to require password input from the user when running commands as sudo. This is a concern that has been brought up by multiple customers.
This PR adds a new setting enable_passwordless_access. If provided by the customer, VMAccess will an entry for the user in sudoers configuration in the form "ALL= (ALL) NOPASSWD: ALL".
While there are solutions to preserve existing configurations for the user without requiring the customer to specify access rights for the user, changing the default behavior of the extension would be a major problem for customers who depend on existing behavior. Hence, the new setting.