virgo-agent-toolkit / super-agent

Agent for remote execution and other new features.

Design permissions system #16

Open creationix opened 8 years ago

creationix commented 8 years ago

It would be great to have a universal capabilities system for authenticated users. Scripts will have a list of required permissions to run the scripts and primitives like run command, spawn tty, and browse/edit fs will also have permissions.

We need a profile that's read-only for people who don't want the agent ever making changes (to eventually migrate monitoring agent over).

One idea is to have a hard-coded security profile override (like a umask in filesystems) that's part of the agent's local config on disk. This will limit what the agent can do no matter what is asked over the wire through AEPs.

We should review this permissions system with the managed security folks as well to get more eyes on it.
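A sketch of the umask-style override proposed in the comment above, as an added example that is not part of the original issue or the project's code. The capability names, profile names and script names are hypothetical. The local profile is treated as a ceiling that can only remove capabilities from what a user was granted over the wire.

```python
from dataclasses import dataclass

# Hypothetical capability names for the primitives the issue lists.
FS_READ, FS_WRITE, RUN_COMMAND, SPAWN_TTY = "fs.read", "fs.write", "run.command", "spawn.tty"
ALL_CAPS = frozenset({FS_READ, FS_WRITE, RUN_COMMAND, SPAWN_TTY})

# Constructed local profiles: each one is the ceiling stored in the agent's config on disk.
PROFILES = {
    "full": ALL_CAPS,
    "read-only": frozenset({FS_READ}),
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    denied_by_user: frozenset   # required, but never granted to the user
    denied_by_local: frozenset  # granted to the user, removed by the local profile

def load_profile(name):
    # An unknown profile name fails closed to an empty ceiling.
    return PROFILES.get(name, frozenset())

def effective(user_grants, local_ceiling):
    # Like a umask: the local profile can only take capabilities away.
    return frozenset(user_grants) & ALL_CAPS & local_ceiling

def authorize(required, user_grants, local_ceiling):
    required = frozenset(required)
    grants = frozenset(user_grants) & ALL_CAPS  # unknown capabilities are never granted
    missing_user = required - grants
    missing_local = (required & grants) - local_ceiling
    return Decision(not missing_user and not missing_local, missing_user, missing_local)

# Constructed sample: scripts declare the permissions they need up front.
SCRIPTS = {
    "disk_report": [FS_READ],
    "rotate_logs": [FS_READ, FS_WRITE, RUN_COMMAND],
}

if __name__ == "__main__":
    ceiling = load_profile("read-only")
    for name, required in SCRIPTS.items():
        d = authorize(required, ALL_CAPS, ceiling)
        reason = "" if d.allowed else f" (local profile removes {sorted(d.denied_by_local)})"
        print(f"{name}: {'allowed' if d.allowed else 'denied'}{reason}")
```

Keeping the two denial sets separate lets the agent report whether a request failed because of the user's grants or because of the local override.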

creationix commented 8 years ago