cpghost wrote:
On Fri, 18 Apr 2008 13:46:48 -0500
Paul Schmehl <[EMAIL PROTECTED]> wrote:
Let me clarify. When I use the term "host", I'm referring to what
many would call a "personal workstation" or "personal computer". If
you have more than one person who has shell access to a computer,
then you no longer have a host. You have a server. Sure, you may not
think of it that way, but that's what it is.
Servers are a completely different ballgame, and the decisions you
make regarding protecting them have everything to do with who has
access to what. The servers that I referenced in my post have one
person with root access - me
- and one user - the owners. No one else has access. So, it's a
great deal easier for me to lock down the boxes than it is, for
example, here at work, where *many* people have shell access and more
than one have root access through sudo or even su.
Sorry for bikeshedding here, since it's just a matter of terminology,
but...
"Hosts" used to be multi-user machines for a long time, and actually
still are. Most RFCs, including newer ones, refer to "hosts" and mean
"nodes" on the net. They don't care whether the hosts are workstations
used by a single or few user(s), or big multi-user machines with
hundreds of shell accounts.
"Server" is merely the role a program assumes when it waits passively
for requests from "clients". "Servers" run on "hosts", regardless
of the number of users on those hosts (ranging from 0 to very high).
Obviously, the security implications vary considerably if you have
to host many user accounts, esp. on hosts used by mission critical
server programs. ;)
And of course, the bikeshed has to be painted... red! :)
Regards,
-cpghost.
Try this:
AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED] joe@<home ip>
Simon
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
