Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [] SSH Auth Bot and your account security

> From: Marc Khouzam <marc.khouzam@xxxxxxxxxxxx>

> ...
> I like the idea of trying HIPP to do that.  But then the question of
> security comes in.  How do I limit the number of people that are
> allowed to run that job?  When I create a new job on the CDT HIPP it
> seems all committers can run it by default. It is not that I don't
> trust other committers, but I prefer to reduce the risk of mistakes
> and only give permissions to people doing the releng stuff.

While there may be other solutions in the future, I think even now you could use
"Job-based Matrix Authorization Strategy ". Then for each "job" you can (must)
specify who can do what. And there are several ways to specify "who":
a. committer mail address, b. ROLE_<linux-group>, c. anonymous.  
For example, you might want only yourself to be able
to "run" or "delete" a job, but maybe still allow everyone to "read" the log from the job.
This probably will take a change to your overall "HIPP Instance", and then changes to
each of your jobs (from the little I know about your case).

For more information than you want, see Chapter 4 of "Hudson book".

There might be better sources of information for your specific questions, but if you want to make changes "now" I suggest opening a Hudson bug
and ask for help there. [Unless Denis says otherwise :) ]


Back to the top