From owner-freebsd-hackers Wed Aug 4 3:26:51 1999
Message-ID: <19990804122512.D14590@space.net>
Date: Wed, 4 Aug 1999 12:25:12 +0200
From: Markus Stumpf
To: Alex Zepeda
Cc: hackers@FreeBSD.ORG
Subject: Re: Solution for mail pseudo-users?
References: <19990803210953.E17970@space.net>
In-Reply-To: ; from Alex Zepeda on Tue, Aug 03, 1999 at 02:22:17PM -0700
Organization: SpaceNet GmbH, Muenchen, Germany

On Tue, Aug 03, 1999 at 02:22:17PM -0700, Alex Zepeda wrote:
> > Also you'll have to run the script to allow users to change passwords as
> > "root", which you probably will NOT want to do (same for adding/
> > deleting/changing users)
>
> So with your setup, any user can add/delete/modify existing users? Yeah,
> that's secure.

With your setup that would hold, too. But with my setup the effective user
doesn't have to be root, so if there is an exploit the intruder doesn't gain
root privileges in the first place, and it reduces the possibility that e.g.
the whole subnet is compromised by sniffing or the like.

> > Also with 30000+ (maybe even with 10000+) users each rebuild of the
> > passwd database will become SLOW and you have to take care about locking
> > and such ... been there, tried it, didn't like it.
>
> Yes, but with 100k+ users, a database (that requires slow rebuilding) is
> faster to find random records in than a flat text file. In fact, perhaps
> you should have instituted some sort of cron'd rebuild (once every 30
> minutes for instance), and then queued the changes, so as to prevent users
> from frobbing in an incorrect manner.

A database isn't a flat text file. Nobody said that one should use a linear
search on a flat text file. You're free to plug in whatever backend you want
(Berkeley DB, SQL database, cdb, ...), and you don't have to rebuild the
whole database, just the record modified.

Queuing changes is IMHO not an option. When a user changes his password, he
wants it to be effective immediately, not after 5, 10, 15 or 30 minutes.

\Maex

-- 
SpaceNet GmbH             | http://www.Space.Net/         | Yeah, yo mama dresses
Research & Development    | mailto:maex-sig@Space.Net     | you funny and you need
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0         | a mouse to delete files
D-80807 Muenchen          | Fax: +49 (89) 32356-299       |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
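As an added illustration of the per-record update and locking argument in the message above (example code, not from the thread or from any FreeBSD tool): a keyed password store for virtual mail users where a change rewrites only the affected user's entry under an advisory lock, so it is effective at once and nothing is rebuilt. The `vpasswd`/`vpasswd.lock` file names, the unprivileged owner account and the `saltHex$digestHex` record format are assumptions.

```python
import dbm
import fcntl
import hashlib
import os
import secrets
import tempfile
from typing import Optional, Tuple

# Constructed example: a virtual-mail password store in a keyed database
# (dbm). The process changing it need not be root; a dedicated unprivileged
# account owning "vpasswd" and "vpasswd.lock" is assumed.

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return "saltHex$digestHex" (assumed record format) via PBKDF2-HMAC-SHA256."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    salt_hex, _ = stored.split("$", 1)
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return secrets.compare_digest(candidate, stored)

def set_password(db_path: str, user: str, password: str) -> None:
    """Rewrite exactly one record; every other user's entry is left untouched."""
    with open(db_path + ".lock", "w") as lockf:
        fcntl.flock(lockf, fcntl.LOCK_EX)  # serialise concurrent changers
        with dbm.open(db_path, "c") as db:
            db[user.encode()] = hash_password(password).encode()
        fcntl.flock(lockf, fcntl.LOCK_UN)

def check_login(db_path: str, user: str, password: str) -> bool:
    """Keyed lookup: no linear scan, and it sees the change immediately."""
    with open(db_path + ".lock", "w") as lockf:
        fcntl.flock(lockf, fcntl.LOCK_SH)  # readers share, writers exclude
        with dbm.open(db_path, "r") as db:
            stored = db.get(user.encode())
        fcntl.flock(lockf, fcntl.LOCK_UN)
    return stored is not None and verify_password(password, stored.decode())

def demo() -> Tuple[bool, bool, bool]:
    """Constructed run: two users, one password change, the other untouched."""
    path = os.path.join(tempfile.mkdtemp(), "vpasswd")
    set_password(path, "alice", "old-secret")
    set_password(path, "bob", "bobs-secret")
    set_password(path, "alice", "new-secret")  # effective at once, no rebuild
    return (check_login(path, "alice", "new-secret"),
            check_login(path, "alice", "old-secret"),
            check_login(path, "bob", "bobs-secret"))
```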