Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How do I enable: script_security? #901

Closed
superhero opened this issue Jun 6, 2018 · 1 comment
Closed

How do I enable: script_security? #901

superhero opened this issue Jun 6, 2018 · 1 comment

Comments

@superhero
Copy link

I get a SECURITY VIOLATION - scripts are being executed but script_security not enabled. when I try to run a script: v1.4.4

How do I enable: script_security so I can run scripts?
@pqarmitage
Copy link
Collaborator

For how to configure keepalived, please see either man 7 keepalived.conf for the file doc/keepalived.SYNOPSIS in the source tree.

The keyword enable_script_security should be added to the global_defs section of the configuration to enable script security. This means that keepalived will make sure that no no-root user can modify the scripts, which would mean that a non-root user could run programs with root privileges.

It is also a good idea to specify script_user USERNAME to set the default user which should run scripts (avoiding user root if possible). There is also the option to configure username (and groupname) for each script, if you want different scripts executed with the privileges of different users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@superhero @pqarmitage