Re: Tool of Use to Unix WebCat Admins

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 36038
interpreted = N
texte = All very good recommendations. I was mostly thinking of the people who are using *nix system and fighting with rights/ownership of files. I think it is basically a really bad idea to host other users on your WebCat server (since it is not set up to operate in that fashion).I was only suggesting creating a script to replicate files from a staging area to a production area, then allow certain users rights to use it. I'm thinking mostly client's uploading databases, not templates.John PeacockAndrew Vernon wrote: > > On 8/9/00 1:37 PM, John Peacock at JPeacock@UnivPress.com wrote: > > > Sudo is a program designed to allow a sysadmin to give limited root > > privileges to users and log root activity. [...] > > Sudo is a very handy tool but you have to be careful because it can be a > security hole if you're not. For example, you don't want any of your > sudoers to be able to run an editor as root, because many unix editors allow > shell escapes, which would give the sudoer a root shell. Also, any sudoer > has to be on guard against password compromise, more so than a regular user > since anybody with their name and passowrd can do any potentially > destructive activities allowed by the sudoers file. Sudo's ALL=ALL > directive is particularly dangerous since it practically makes a user with > that attribute root. If you use sudo (read: if you provide shells to your > customers at all), urge your users to use SSH or some other crypted protocol > to start a shell session and be as strict as possible in defining > permissions in the sudoers file. Start out with only a few privileges at > first and keep everything else clamped down, then grant privileges only as > needed. > > Actually, it's best not to provide shell access in the first place unless > it's unavoidable. > > -- > Andrew Vernon > avernon@dramatols.net------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Tool of Use to Unix WebCat Admins (John Peacock 2000)
  2. Re: Tool of Use to Unix WebCat Admins (Andrew Vernon 2000)
  3. Tool of Use to Unix WebCat Admins (John Peacock 2000)
  4. Tool of Use to Unix WebCat Admins (John Peacock 2000)
  5. Re: Tool of Use to Unix WebCat Admins (Dale 2000)
  6. Tool of Use to Unix WebCat Admins (John Peacock 2000)
All very good recommendations. I was mostly thinking of the people who are using *nix system and fighting with rights/ownership of files. I think it is basically a really bad idea to host other users on your WebCat server (since it is not set up to operate in that fashion).I was only suggesting creating a script to replicate files from a staging area to a production area, then allow certain users rights to use it. I'm thinking mostly client's uploading databases, not templates.John PeacockAndrew Vernon wrote: > > On 8/9/00 1:37 PM, John Peacock at JPeacock@UnivPress.com wrote: > > > Sudo is a program designed to allow a sysadmin to give limited root > > privileges to users and log root activity. [...] > > Sudo is a very handy tool but you have to be careful because it can be a > security hole if you're not. For example, you don't want any of your > sudoers to be able to run an editor as root, because many unix editors allow > shell escapes, which would give the sudoer a root shell. Also, any sudoer > has to be on guard against password compromise, more so than a regular user > since anybody with their name and passowrd can do any potentially > destructive activities allowed by the sudoers file. Sudo's ALL=ALL > directive is particularly dangerous since it practically makes a user with > that attribute root. If you use sudo (read: if you provide shells to your > customers at all), urge your users to use SSH or some other crypted protocol > to start a shell session and be as strict as possible in defining > permissions in the sudoers file. Start out with only a few privileges at > first and keep everything else clamped down, then grant privileges only as > needed. > > Actually, it's best not to provide shell access in the first place unless > it's unavoidable. > > -- > Andrew Vernon > avernon@dramatols.net------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ John Peacock

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

database freeze (1997) Hard Questions ? (1997) Robert Minor duplicate mail (1997) Setting up shop (1997) [ShowIf] and empty fields (1997) Odd Cart Behavior (1997) [WebDNA] Triggers Failing (2008) Sorting nested search (2003) Webcat and logging (1998) Practice runs ? (1997) WebDNA performance comparisons? (2004) [OT] Mozilla | Was: R.I.P. Netscape (2003) Re:Virtual hosting and webcatNT (1997) Setting up shop (1997) [WebDNA] Updating Master Store Question (2009) [Shell] help with Tarring files (2002) Setting up shop (1997) JavaScript question (2001) Almost a there but..bye bye NetCloak (1997) Requiring that certain fields be completed (1997)