>That starts to get into almost philosophical security issues. >To some extent I consider this a good thing. Physical access >is the ultimate privilige, so you need to physically protect >your data to the extent that it's worth to you. If you've >got physical protection anyway, then making physical access >be required to do potentially destructive administration >means you only one one avenue of compromise instead of >physical and network. > >Having said that, because I have a combined CPU/auth/file >server, I can, and sometimes do, cpu into it as the host >owner and do administrative things that way.
You're right, that's probably a philosophical discussion. As a real-world example, where I work, we've got a bunch of AIX servers out in our datacenter, which is a physically seperate building down the street. While we have physical access if we need it, generally speaking everything can be done remotely, including rebooting a system, because the HMC manages it and provides virtual serial consoles. But generally the HMC isn't used once the partition is up, as all administration can be done remotely, and a user can su to root if need be. I've been using the drawterm to hostowner trick too, but was thinking that since Plan 9 doesn't recognize a root-equivalent user, the opportunity is there to delegate permissions to any user (or group, ;) )such that they should be able to perform root-like tasks as themselves. If I were running a Plan 9 server on bare hardware in the datacenter, I wouldn't want to have to take a hike every time I needed to do certain activities, even though my key to the datacenter door grants me physical access should I need it. In this case, though, it's running under VMware ESXi, so the vSphere Client gives me remote access to the console, much as the HMC does for the AIX systems, but still... My point is that if one wants to open themselves up to another avenue of attack (albeit carefully controlled) by allowing such things to be done via network, they should be able to. So in that sense, maybe drawterm'ing to hostowner is the appropriate answer... Again, thanks for your responses!! -Ben
<<winmail.dat>>
