[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-ports
Subject: misc/amanda / Users
From: "Brian A. Seklecki" <lavalamp () spiritual-machines ! org>
Date: 2005-07-28 23:54:52
Message-ID: 20050728193334.P7262 () arbitor ! digitalfreaks ! org
[Download RAW message or body]
all, re: ports/73956
...although the approach used in this PR is a great improvement, should we
really be defaulting to using 'operator:backup' if no user is set?
Won't that encourage people to unlock the operator account by assigning it
a valid shell, or even a password?
It's unlikely people will take the high ground and execute all Amanda
commands from sudo(8).
Aren't there hooks for creating psuedo accounts in Ports? For example, in
NetBSD pkgsrc there's a PKG_USERS and PKG_GROUPS that can be assigned with
low UID values. If so, why not default to creating an 'amanda' or
'backup' user in the secondary group operator?
It's just that Amanda has some serious fudemental security issues as it is
(no offense to them, it works well), such RHosts style authentication,
depedency on inetd/xinetd, and lack of inline network encryption. I just
think we should be more proactive; I think even recent versin of Redhat
ship it with an amanda user.
---
Also, we should probably add a pkg-message for the client and
server mentioning required entries in inetd.conf(5), or is the thinking
here that Amanda is so involved that people are going to refer to the docs
anyway?
P.S., this would be an excellent use for the IPSec hooks in inetd(8).
~BAS
l8*
-lava
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic