[pve-devel] [PATCH pve-manager] First beta of FreeNAS storage plugin

Michael Rasmussen mir at datanom.net
Tue Jun 13 10:20:17 CEST 2017


On Tue, 13 Jun 2017 09:39:37 +0200
Dominik Csapak <d.csapak at proxmox.com> wrote:

> 
> but a better way for the whole plugin would probably be a credentials
> file with limited read access (so only root can read it)
> 
The password is written in /etc/pve/storage.cfg which is -rw-r---- root
www-data. I cannot see how this could be changed to a more secure way
since www-data will need to be allowed to have access to the password
to be able to call the storage.

What more security do a credentials file provide?

-- 
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
Don't use conditional branches as a substitute for a logical expression.
            - The Elements of Programming Style (Kernighan & Plaugher)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20170613/6a0a83e6/attachment.sig>


More information about the pve-devel mailing list