Re: Tool of Use to Unix WebCat Admins
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 36038
interpreted = N
texte = All very good recommendations. I was mostly thinking of the people whoare using *nix system and fighting with rights/ownership of files. I think it is basically a really bad idea to host other users on yourWebCat server (since it is not set up to operate in that fashion).I was only suggesting creating a script to replicate files from astaging area to a production area, then allow certain users rights touse it. I'm thinking mostly client's uploading databases, not templates.John PeacockAndrew Vernon wrote:> > On 8/9/00 1:37 PM, John Peacock at JPeacock@UnivPress.com wrote:> > > Sudo is a program designed to allow a sysadmin to give limited root> > privileges to users and log root activity. [...]> > Sudo is a very handy tool but you have to be careful because it can be a> security hole if you're not. For example, you don't want any of your> sudoers to be able to run an editor as root, because many unix editors allow> shell escapes, which would give the sudoer a root shell. Also, any sudoer> has to be on guard against password compromise, more so than a regular user> since anybody with their name and passowrd can do any potentially> destructive activities allowed by the sudoers file. Sudo's ALL=ALL> directive is particularly dangerous since it practically makes a user with> that attribute root. If you use sudo (read: if you provide shells to your> customers at all), urge your users to use SSH or some other crypted protocol> to start a shell session and be as strict as possible in defining> permissions in the sudoers file. Start out with only a few privileges at> first and keep everything else clamped down, then grant privileges only as> needed.> > Actually, it's best not to provide shell access in the first place unless> it's unavoidable.> > --> Andrew Vernon> avernon@dramatols.net-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
All very good recommendations. I was mostly thinking of the people whoare using *nix system and fighting with rights/ownership of files. I think it is basically a really bad idea to host other users on yourWebCat server (since it is not set up to operate in that fashion).I was only suggesting creating a script to replicate files from astaging area to a production area, then allow certain users rights touse it. I'm thinking mostly client's uploading databases, not templates.John PeacockAndrew Vernon wrote:> > On 8/9/00 1:37 PM, John Peacock at JPeacock@UnivPress.com wrote:> > > Sudo is a program designed to allow a sysadmin to give limited root> > privileges to users and log root activity. [...]> > Sudo is a very handy tool but you have to be careful because it can be a> security hole if you're not. For example, you don't want any of your> sudoers to be able to run an editor as root, because many unix editors allow> shell escapes, which would give the sudoer a root shell. Also, any sudoer> has to be on guard against password compromise, more so than a regular user> since anybody with their name and passowrd can do any potentially> destructive activities allowed by the sudoers file. Sudo's ALL=ALL> directive is particularly dangerous since it practically makes a user with> that attribute root. If you use sudo (read: if you provide shells to your> customers at all), urge your users to use SSH or some other crypted protocol> to start a shell session and be as strict as possible in defining> permissions in the sudoers file. Start out with only a few privileges at> first and keep everything else clamped down, then grant privileges only as> needed.> > Actually, it's best not to provide shell access in the first place unless> it's unavoidable.> > --> Andrew Vernon> avernon@dramatols.net-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
John Peacock
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
database freeze (1997)
Hard Questions ? (1997)
Robert Minor duplicate mail (1997)
Setting up shop (1997)
[ShowIf] and empty fields (1997)
Odd Cart Behavior (1997)
[WebDNA] Triggers Failing (2008)
Sorting nested search (2003)
Webcat and logging (1998)
Practice runs ? (1997)
WebDNA performance comparisons? (2004)
[OT] Mozilla | Was: R.I.P. Netscape (2003)
Re:Virtual hosting and webcatNT (1997)
Setting up shop (1997)
[WebDNA] Updating Master Store Question (2009)
[Shell] help with Tarring files (2002)
Setting up shop (1997)
JavaScript question (2001)
Almost a there but..bye bye NetCloak (1997)
Requiring that certain fields be completed (1997)