Salt master file_recv: true for specific minion(s) instead of globally #42284

Open
pgporada opened this issue Jul 12, 2017 · 10 comments
Labels: Core (relates to code central or existential to Salt), Feature (new functionality including changes to functionality and code refactors, etc.)
@pgporada
Contributor

Description of Issue/Question

I've searched GitHub and the Google Groups, but personally haven't found anyone asking for this yet. Since file_recv: true is considered a security vulnerability, but cp.push and cp.push_dir are extremely useful commands, would it be possible to limit the minions that can use the file_recv features? This would help me limit the blast radius of enabling this feature to only the most important select boxes while preventing all other boxes from sending files to the master.

@gtmanfred
Contributor

This would be great to have.

I am marking this as a feature request.

Thanks,
Daniel

@gtmanfred added the Core and Feature labels Jul 12, 2017
@gtmanfred added this to the Approved milestone Jul 12, 2017
@pgporada
Contributor Author

pgporada commented Aug 4, 2017

If possible, limiting the directory that cp.push and cp.push_dir can move files to would be useful as well.

@stale

stale bot commented Nov 27, 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale bot added the stale label Nov 27, 2018
@max-arnold
Contributor

+1 from me on this one

@stale

stale bot commented Nov 28, 2018

Thank you for updating this issue. It is no longer marked as stale.

stale bot removed the stale label Nov 28, 2018
@Arjun765

Arjun765 commented Dec 5, 2018

> Since file_recv: true is considered a security vulnerability

Why so? Can the minion push files to any location? Can the minion push files to the server whenever it wants to even if no cp.push command is run on the server?

@gtmanfred
Contributor

Imagine a malicious minion continuously pushing 1G files to the master, filling up the filesystem or using all the inodes.

Then the master will stop working.
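
Added example, not part of the original thread and not Salt's own code: since the per-minion restriction requested in this issue is not available, a master-side audit can at least show which minions have pushed files and how much space and how many files they hold. It assumes the default master cachedir, where pushed files land under `/var/cache/salt/master/minions/<minion-id>/files`; the allowlist (`db01`) and the budgets are constructed values.

```python
import os
from pathlib import Path

# Assumption: default master cachedir; change this if cachedir is overridden.
DEFAULT_MINIONS_DIR = "/var/cache/salt/master/minions"


def pushed_usage(minions_dir=DEFAULT_MINIONS_DIR):
    """Return {minion_id: (total_bytes, file_count)} for files received via cp.push."""
    usage = {}
    root = Path(minions_dir)
    if not root.is_dir():
        return usage
    for minion in sorted(root.iterdir()):
        files_dir = minion / "files"
        if not files_dir.is_dir():
            continue  # this minion has never pushed anything
        total = count = 0
        # os.walk does not follow symlinked directories by default.
        for dirpath, _dirs, names in os.walk(files_dir):
            for name in names:
                try:
                    st = os.lstat(os.path.join(dirpath, name))
                except OSError:
                    continue  # file vanished between listing and stat
                total += st.st_size
                count += 1  # each file also costs one inode
        usage[minion.name] = (total, count)
    return usage


def over_budget(usage, allowed, max_bytes, max_files):
    """Flag minions that pushed without being expected to, or exceed a budget."""
    findings = []
    for minion, (total, count) in sorted(usage.items()):
        if count and minion not in allowed:
            findings.append((minion, "unexpected push"))
        elif total > max_bytes or count > max_files:
            findings.append((minion, "over budget"))
    return findings


if __name__ == "__main__":
    # Constructed policy: only db01 is expected to push; 1 GiB / 10k files budget.
    report = over_budget(pushed_usage(), allowed={"db01"},
                         max_bytes=1 << 30, max_files=10_000)
    for minion, reason in report:
        print(f"{minion}: {reason}")
```

The master option `file_recv_max_size` limits the size of each pushed file but not the total or the file count, which is why the audit tracks both per minion.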

@stale

stale bot commented Jan 9, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale bot added the stale label Jan 9, 2020
@max-arnold
Contributor

Bump

@stale

stale bot commented Jan 9, 2020

Thank you for updating this issue. It is no longer marked as stale.

stale bot removed the stale label Jan 9, 2020
4 participants