On Tue, Mar 05, 2002 at 05:26:58PM -0500, Julius Szelagiewicz wrote:
> On Tue, 5 Mar 2002, Hans Ekbrand wrote:
> > I was not thinking on system security, but the security you would want
> > to grant the *users*, e.g. that no cracker (other user) wipes out their
> > research project files.
>
> Hans,
> this one is difficult and there are no good solutions. there are
> good pointers though: 0. do frequent backups. 1. guard the passwords, 2.
> change passwords frequently, 3. guard the passwords and never, ever send
> them in open text over the network. 3. leads directly to 4. use only ssh
> to log in, disable telnet permanently. 4. if at all possible, have common
> directory 440 for all the users and writable only by few select
> moderators, better yet, have users full control of their own data with
> posting privileges to 1 directory that is "continuously" backed up to a ro
> directory. the backups have to create new versions every time a file is
> changed. this is pretty paranoid and rather expensive, but about as safe
> as you can get and still do collaborative work.

Good points. You are right, rw NFS isn't that bad. I did not know of the
"security" option that forces the client to use a low port to access NFS
shares. That makes a big difference in a private, hostile network.

-- 
Hans Ekbrand
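The version-on-change backup of a shared posting directory described in the quoted advice, sketched as an added example that is not part of the original thread. The function names, the paths and the archive layout (one directory per file, holding numbered read-only versions) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep a new read-only version each time a posted file changes.
# Hypothetical layout: ARCHIVE/<relative path of file>/<N>, with N = 1, 2, ...
# Run it from cron or a loop as a backup account that is the only one with
# write access to ARCHIVE; users only ever write to the posting directory.

# latest_version DIR: print the highest numeric version stored in DIR (0 if none)
latest_version() {
    n=0
    for f in "$1"/*; do
        v=${f##*/}
        case $v in ''|*[!0-9]*) continue ;; esac   # ignore non-numeric names
        if [ "$v" -gt "$n" ]; then n=$v; fi
    done
    echo "$n"
}

# snapshot_changed SRC ARCHIVE: store changed files, print how many were stored
snapshot_changed() {
    src=$1 dst=$2 count=0
    list=$(mktemp) || return 1
    ( cd "$src" && find . -type f ) > "$list"
    while IFS= read -r rel; do
        rel=${rel#./}
        vdir=$dst/$rel
        mkdir -p "$vdir"
        n=$(latest_version "$vdir")
        # Content identical to the newest stored version: nothing to do.
        if [ "$n" -gt 0 ] && cmp -s "$src/$rel" "$vdir/$n"; then
            continue
        fi
        new=$vdir/$((n + 1))
        # Old versions are never overwritten, so a wiped or vandalised
        # file in SRC only ever adds a version; it cannot destroy one.
        cp -p "$src/$rel" "$new" && chmod 444 "$new" && count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}
```

Deleting a file in the posting directory leaves every archived version in place; restoring is a copy of the wanted numbered file back out of the archive.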