Date: Thu, 28 Jul 2005 19:54:52 -0400 (EDT)
From: "Brian A. Seklecki" <lavalamp@spiritual-machines.org>
To: freebsd-ports@freebsd.org
Cc: Phil Homewood <pdh@bne.snapgear.com>, jeh@FreeBSD.org
Subject: misc/amanda / Users
Message-ID: <20050728193334.P7262@arbitor.digitalfreaks.org>

all,

re: ports/73956

...although the approach used in this PR is a great improvement, should we really be defaulting to using 'operator:backup' if no user is set?

Won't that encourage people to unlock the operator account by assigning it a valid shell, or even a password? It's unlikely people will take the high ground and execute all Amanda commands from sudo(8).

Aren't there hooks for creating pseudo accounts in Ports? For example, in NetBSD pkgsrc there's a PKG_USERS and PKG_GROUPS that can be assigned with low UID values.

If so, why not default to creating an 'amanda' or 'backup' user in the secondary group operator?

It's just that Amanda has some serious fundamental security issues as it is (no offense to them, it works well), such as RHosts style authentication, dependency on inetd/xinetd, and lack of inline network encryption.

I just think we should be more proactive; I think even recent versions of Redhat ship it with an amanda user.

---

Also, we should probably add a pkg-message for the client and server mentioning required entries in inetd.conf(5), or is the thinking here that Amanda is so involved that people are going to refer to the docs anyway?

P.S., this would be an excellent use for the IPSec hooks in inetd(8).

~BAS

l8*
-lava
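
The message above worries that a default of 'operator:backup' leads administrators to give the operator account a shell or a password. The following check for that condition is an added example, not part of the original message or of the port; it assumes the master.passwd(5) field order, and the function name `check_account` and all sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a system account has been opened for login.
# Assumed record layout (master.passwd(5)):
#   name:password:uid:gid:class:change:expire:gecos:home:shell

check_account() {
    # $1 is one master.passwd-format record. Prints "name: finding ...".
    IFS=: read -r name pw uid gid class change expire gecos home shell <<EOF
$1
EOF
    findings=""
    case "$pw" in
        '')              findings="${findings}empty-password " ;;
        '*'|'*LOCKED*'*) ;;  # "*" or a pw(8)-locked entry: no password login
        *)               findings="${findings}password-set " ;;
    esac
    case "$shell" in
        */nologin|/nonexistent) ;;  # cannot start an interactive session
        # An empty shell field means /bin/sh, so it counts as a login shell.
        *) findings="${findings}login-shell " ;;
    esac
    [ -n "$findings" ] || findings="ok "
    printf '%s: %s\n' "$name" "${findings% }"
}

# Constructed sample records: a stock-looking operator entry, an operator
# entry that has been given a password hash and a shell, and a dedicated
# 'amanda' account in group operator (gid 5) with no password.
while IFS= read -r record; do
    check_account "$record"
done <<'EOF'
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
operator:$2a$04$CONSTRUCTEDHASHVALUE:2:5::0:0:System &:/:/bin/sh
amanda:*:1002:5::0:0:Amanda backup user:/var/db/amanda:/bin/sh
EOF
```

On a real host the records would come from /etc/master.passwd, read as root.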