Euca uses root privs for a specific sub-set of actions (see attached). I think as a first-pass, we need to:
1) use capabilities, not "uid 0"
2) add logic to the wrapper to only allow specific commands/paths, and adjust capabilities as appropriate
3) use fully qualified paths to commands
Euca uses root privs for a specific sub-set of actions (see attached). I think as a first-pass, we need to:
1) use capabilities, not "uid 0"
2) add logic to the wrapper to only allow specific commands/paths, and adjust capabilities as appropriate
3) use fully qualified paths to commands
continued...