URL:
<http://gna.org/support/?func=detailitem&item_id=723>
Summary: savannah.conf.pl documentation lack of clarity
(user accounts)
Project: Savane
Submitted by: mech
Submitted on: Wed 09/14/2005 at 00:07
Category: Installation/Configuration
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Release:
_______________________________________________________
Details:
# [BACKEND ONLY]
# User home directory
# You can safely uncomment all these settings if you do not use
# the savannah backend.
# Ex: "/home"
our $sys_homedir="/data/savane-home";
This should almost certainly contain a warning that this should NOT be the
same directory as the shell accounts home directory of the host system!
As a side note, I don`t see anywhere, in ANY of the documentation, a
discussion of what the security and other rammifactions of all this user
account creation might be. Do these accounts have shells? Can people SSH
into them as if they were regular shell account holders? I find it rather
disturbing, very disturbing actually, that useradd is used to create actual
shell accounts (whether limited or otherwise) for people who are to be users
of a web-based system. This seems very strange and dangerous to me. Is it
impossible to give people CVS access to the project files without this? Just
curious why the decision to use actual system-level accounts instead of
something more virtualized and secure, that insulates the system from the
potential hundreds-of-thousands of users a savane installation could create.
Regardless of the answer, the reasoning should be well documented and the
security considerations explained, since I`m hardly going to be the only
admin with such a question on his/her mind.
_______________________________________________________
Reply to this item at:
<http://gna.org/support/?func=detailitem&item_id=723>
_______________________________________________
Message sent via/by Gna!
http://gna.org/
