Google Git
Sign in
cos / third_party / overlays / eclass-overlay / e562fef003d64f00b7aa75b4112605b4efbbfbcf
commite562fef003d64f00b7aa75b4112605b4efbbfbcf[log] [tgz]
authorCheng-Han Yang <chenghan@google.com>Mon Aug 29 16:10:35 2022 +0800
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Sep 13 07:41:59 2022 +0000
tree1b180e495d200c5ece24d2620dd1e5896d69aacd
parent561f9baba38acd959bcbe78f679da640ec542ed9 [diff]
rmad: Add rmad-executor user and group

The RMA executor was run as root. After discussion with security team,
it's better to run as a non-root "rmad-executor" user with CAP_SYS_ADMIN
capabilities so it's still allowed to perform most of the root-level
tasks.

BUG=b:243855405
TEST=display-accts.py --lint

Change-Id: Id90c37ce2e6958b1c57907fa4f90d622bd12ee4d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/eclass-overlay/+/3861529
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>
2 files changed
tree: 1b180e495d200c5ece24d2620dd1e5896d69aacd
  1. acct-group/
  2. acct-user/
  3. eclass/
  4. metadata/
  5. profiles/
  6. OWNERS
  7. PRESUBMIT.cfg