Wednesday, December 11, 2019

Re: password-less user (without bothering security(8))?

On 2019-12-10, Adam Thompson <athompso@athompso.net> wrote:
> Is there a way to placate security(8) that I'm just not seeing? Or is
> my goal fundamentally misguided for some reason I'm not seeing? The

Philipp is right, ************* in master.passwd's crypted password field.

> user in this case is semi-trusted (e.g. yes, we'll let you login using
> an unprivileged account to run bgpctl in pipelines) but not
> organizationally-trusted (i.e. but that's ALL we want you to do on this
> system).

Just be aware that some bgpctl operations are powerful. Even with the
restricted socket, full table dumps can use a lot of cpu.
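An audit helper for the `master.passwd` setting discussed in this message, as an added example that is not part of the original post: it classifies the crypted-password field of each account so an empty field can be told apart from the 13-asterisk placeholder. The function names, status labels and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of master.passwd-format lines.
# Field layout: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

classify_pwfields() {
    # Reads master.passwd-format lines on stdin, prints "name<TAB>status".
    # Status labels are this example's own, not output of security(8).
    awk -F: '
        /^#/ || NF == 0 { next }                      # skip comments and blank lines
        NF != 10 { printf "%s\tmalformed\n", $1; next }
        {
            pw = $2
            if (pw == "")                    s = "EMPTY"          # no password at all
            else if (pw == "*************")  s = "placeholder13"  # 13 asterisks
            else if (pw ~ /^\$[0-9a-z]+\$/)  s = "hash"           # $id$... crypt string
            else                             s = "other"          # e.g. a single "*"
            printf "%s\t%s\n", $1, s
        }'
}

# Constructed sample input; the hash below is a dummy string, not a real hash.
sample_passwd() {
    cat <<'EOF'
root:$2b$10$constructedconstructedconstructedconstructedconstructe:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
bgpuser::1001:1001::0:0:bgpctl pipeline user:/home/bgpuser:/bin/ksh
bgpkey:*************:1002:1002::0:0:bgpctl pipeline user:/home/bgpkey:/bin/ksh
_bgpd:*:75:75::0:0:BGP Daemon:/var/empty:/sbin/nologin
broken:line
EOF
}

# Demonstration on the constructed sample.
sample_passwd | classify_pwfields
```

On a real system, run it as root with `classify_pwfields < /etc/master.passwd` and review any account reported as `EMPTY`.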
