From 2c9bdf848056306dc9dd6b3cd6a2970b9efdfa53 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Thu, 12 Apr 2018 23:15:26 -0400 Subject: [PATCH] Properly fix updatenode syncfiles (#5013) * Fix xdcp username on updatenode -F xdcp was not using the username and trusted facility, fix updatenode usage. * Remove security risk of forceroot Any user can specificy 'forceroot'. Remove this and rely upon the other method to properly use the 'trusted' role. --- xCAT-server/lib/xcat/plugins/updatenode.pm | 1 + xCAT-server/lib/xcat/plugins/xdsh.pm | 4 ---- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/xCAT-server/lib/xcat/plugins/updatenode.pm b/xCAT-server/lib/xcat/plugins/updatenode.pm index c0dfb4081..8b4559179 100644 --- a/xCAT-server/lib/xcat/plugins/updatenode.pm +++ b/xCAT-server/lib/xcat/plugins/updatenode.pm @@ -1833,6 +1833,7 @@ sub updatenodesyncfiles { command => ["xdcp"], node => $syncfile_node{$synclist}, + username => $request->{username}, arg => $args, env => $env }, diff --git a/xCAT-server/lib/xcat/plugins/xdsh.pm b/xCAT-server/lib/xcat/plugins/xdsh.pm index 2a2c98fd5..3378e512a 100644 --- a/xCAT-server/lib/xcat/plugins/xdsh.pm +++ b/xCAT-server/lib/xcat/plugins/xdsh.pm @@ -639,7 +639,6 @@ sub process_servicenodes_xdcp $addreq->{'_xcatdest'} = $::mnname; $addreq->{node} = \@sn; $addreq->{noderange} = \@sn; - $addreq->{forceroot}->[0] = 1; # check input request for --nodestatus my $args = $req->{arg}; # argument @@ -1216,9 +1215,6 @@ sub process_request $ENV{DSH_FROM_USERID} = $request->{username}->[0]; } } - if ($request->{forceroot}) { - $ENV{DSH_FROM_USERID} = 'root'; - } if ($command eq "xdsh") { xdsh($nodes, $args, $callback, $command, $request->{noderange}->[0]);