[pve-devel] nexenta plugin problems

Stefan Priebe s.priebe at profihost.ag
Sun Aug 26 22:07:24 CEST 2012


Am 24.08.2012 17:27, schrieb Dietmar Maurer:
> I will not allow to store any password inside /etc/pve/storage.cfg.
> That file is readable by www-data user, so that is a major security hole.

But all files under /etc/pve are readable by www-data group. So as long 
as /etc/pve does not allow us to store files with different permissions 
there is no chance to make this safe.

Greets,
Stefan


More information about the pve-devel mailing list