Run VNA as a regular user instead of root.

Open Metallion opened this issue 10 years ago • 0 comments

This is related to issue https://github.com/axsh/openvnet/issues/28.

Problem

Currently VNA is always running as root. This is generally bad practice and a security issue, especially since VNA (like all vnet processes) receives commands via a network connection.

VNA is a little more difficult to run as a regular user because it still calls Open vSwitch commands directly when we require functionality not implemented in Trema yet.

Solution

We can use sudo for the Open vSwitch commands.

  • Create a vnet-vna user and group much in the same way as https://github.com/axsh/openvnet/issues/301.
  • Add a line to the sudoers file that allows the vnet-vna group to run _only_ the required commands _and nothing else_ with passwordless sudo.

Metallion, Apr 21 '15 06:04
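
A sudoers drop-in for the second step of the proposal above, added here as an illustration and not taken from the issue or the OpenVNet code base. It assumes the Open vSwitch commands VNA calls are `ovs-vsctl` and `ovs-ofctl` installed under `/usr/bin`; the file name, the alias name and the command list are assumptions to adjust to what VNA actually invokes.

```sudoers
# /etc/sudoers.d/vnet-vna   (hypothetical file name; owner root, mode 0440)
#
# Assumption: VNA shells out only to ovs-vsctl and ovs-ofctl, both in /usr/bin.
# Replace the list with the commands VNA really calls.

# Too broad: full root for the group, which undoes dropping privileges.
# %vnet-vna ALL = (ALL) NOPASSWD: ALL

# Too broad: the wildcard matches every present and future ovs-* binary.
# %vnet-vna ALL = (root) NOPASSWD: /usr/bin/ovs-*

# Restricted form: absolute paths only, target user root only.
# A command listed without arguments may be run with any arguments;
# to pin it further, list the exact argument strings VNA uses instead.
Cmnd_Alias VNA_OVS = /usr/bin/ovs-vsctl, /usr/bin/ovs-ofctl

# The daemon has no controlling terminal, so do not require one,
# and do not pass its environment through to the root-run command.
Defaults:%vnet-vna !requiretty
Defaults:%vnet-vna env_reset

# Members of vnet-vna may run the aliased commands as root without a password.
# Anything not listed here is denied for this group.
%vnet-vna ALL = (root) NOPASSWD: VNA_OVS
```

Check the file with `visudo -cf /etc/sudoers.d/vnet-vna` before relying on it, and confirm the result with `sudo -l -U vnet-vna`, which should list only the two commands.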