Skip to content

How do I enable: script_security? #901

New issue
New issue
Closed
Closed
How do I enable: script_security?#901
@superhero

Description

@superhero
superhero
opened on Jun 6, 2018

I get a SECURITY VIOLATION - scripts are being executed but script_security not enabled. when I try to run a script: v1.4.4

How do I enable: script_security so I can run scripts?

Activity

pqarmitage

pqarmitage commented on Jun 6, 2018

@pqarmitage
pqarmitage
on Jun 6, 2018
Collaborator

For how to configure keepalived, please see either man 7 keepalived.conf for the file doc/keepalived.SYNOPSIS in the source tree.

The keyword enable_script_security should be added to the global_defs section of the configuration to enable script security. This means that keepalived will make sure that no no-root user can modify the scripts, which would mean that a non-root user could run programs with root privileges.

It is also a good idea to specify script_user USERNAME to set the default user which should run scripts (avoiding user root if possible). There is also the option to configure username (and groupname) for each script, if you want different scripts executed with the privileges of different users.

pqarmitage
closed this as completedon Jun 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @superhero@pqarmitage

        Issue actions
          How do I enable: script_security? · Issue #901 · acassen/keepalived