On Mon, Jun 05, 2006, Robert Allerstorfer wrote:
> [...]
> The only thing I am still curious about is if it is generally a good
> idea to have an OpenPKG instance living on a production web server. I
> think the wording "living" fits, since a cron job will be executed
> every 15 minutes and I'm not sure if this could cause performance down
> sides.
It doesn't cause any noticable performance problem. Look into your
system crontab entries and recognize that the underlying OS also
performs lots of similar perdiodic tasks like this. In the last 6 years
I've never seen that any type of server (including a webserver) had a
performance problem because the OpenPKG "rc" script runs.
> Also, isn't it possible to have a potential securiry risk
> opened by adding 3 openpkg users (openpkg, openpkg-r and openpkg-n) to
> the system that could theoretically login to a openpkg's bash shell?
All three users do neither have a password set nor any SSH public keys,
etc. So one cannot remotely login to them as long as someone explicitly
configures them this way. So from my point of view they are more or less
security wise equal to the other Unix users like "bin".
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
The OpenPKG Project www.openpkg.org
User Communication List [email protected]
