Idea ID 1658398
Anyone who can run a promoted script can also run an Adhoc script. Permissions don't separate promoted scripts from Adhoc… we need to restrict it so that people can't run Adhoc scripts as root or LocalAdmin. If they could still run Adhoc scripts as non-root or non-LocalAdmin that would be great, but if not then we need a way to totally disable Adhoc (while still allowing the "Select Script" option to run as super-user or not).
This limitation of the tool is a HUGE issue for security and audit as it basically means anyone who has the ability to run an approved script also has the ability to run Adhoc (with admin level permissions). With hundreds of users who need to run approved scripts, we need to not allow them to run root\localadmin scripts as well\have a way to allow some approved users to do this. As it is today, hundreds of users can log in and run an Adhoc root\localadmin (untested) script at will. Someone with malicious intent could cripple hundreds to thousands of servers in a matter of seconds to minutes, i.e. select all Linux servers, run adhoc script as root: rm -rf *
Imagine the implications of this happening... Any day now our securities teams could realize this as the biggest current threat to the company and demand we remove this as a possibility.