14 Mar 2001 15:25
On Wed, 14 Mar 2001 kevin.taylor@powerconv.alstom.com wrote:

> > Ambiguous pronunciation can be a problem
> Well yes, but this is pronounced "Open Source in Education"
> - which is its name :-)

Am I the only one who finds it cumbersome to never abbreviate an eight-syllable name? :-)

> > a much more elegant and secure solution is to create an
> > "osieadmin" group that has write access to all the relevant
> > configuration files
> Agreed - but your first email suggested
> "The main restriction is likely to be that we need a server on which
> we can get full root access, because it would be good to be able
> to install and run arbitrary programs"
> - to which I responded that the 'we' is the important word - the
> admin team must be able to do what is required.

No, I don't agree with you here. Allowing a large group of people to all have root access is simply asking for trouble. Even though I would trust everyone involved not to do any damage (intentionally or accidentally), it is poor design to grant widespread root access - you are vastly increasing the potential for the system to be compromised. And, as I have said and you have agreed, a non-root "admin" group is a better solution and *does* allow the admin team to "do what is required".

> For a volunteer organisation it is important to have several key
> people for all tasks. I see 3 levels of control required here:
> 1. Physical machine access
> 2. Admin access
> 3. Site content access
> If only the owners of the machine are in a position to manage
> (1), then maybe an ISP hosted machine would be best

Ours is an ISP hosted machine.

>
> So it may well be that your suggestion is fine, as long as (2)
> provides enough control to do what is required, without
> permitting any chance of causing a problem with your
> own site. (I am not quite sure how this could be managed
> at the moment as presumably you would be using apache
> with virtual hosting to manage both sites ... so would the
> admin team have access to your /etc/httpd.conf ? Or similarly
> with /etc/named.conf, etc ?)

The admin team would have access to whichever files it turns out to be necessary to have access to on more than a one-off basis. /etc/named.conf, for example, is *not* such a file: it needs to be set up only once, not changed regularly. /var/named/osie.*, on the other hand, would need to be accessible by the admin team, and so would be group-writable.

I am certainly not going to enforce a security policy that protects the integrity of the Fen Systems web pages at whatever cost to the ease of administering the OSIE site. I just think it is in all our interests to implement a sensible security policy that minimises the risk of being compromised while still allowing people the access they need. Why is this a problem?

Michael
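The delegation scheme discussed in this message (an admin group with write access to the regularly edited files only, no shared root) can be checked mechanically. The following shell audit is an added example, not part of the original message or of the server's actual setup; the finding labels, the sample file names (including `fensystems.zone`) and the use of the caller's own group as a stand-in for "osieadmin" are assumptions made so that it runs without root.

```shell
#!/bin/sh
# Audit a tree against the policy: delegated files are group-writable by the
# admin group, everything else is writable by its owner only.
# Prints one finding per line; no output means the tree conforms.
#   $1 = root of tree, $2 = admin group (name or gid), $3 = glob of delegated files
# Only regular files are checked; directory modes are out of scope here.
audit_delegation() {
    root=$1 group=$2 pattern=$3
    # Delegated files must belong to the admin group ...
    find "$root" -type f -name "$pattern" ! -group "$group" \
        -exec printf 'WRONG_GROUP %s\n' {} \;
    # ... and be writable by it.
    find "$root" -type f -name "$pattern" ! -perm -020 \
        -exec printf 'NOT_GROUP_WRITABLE %s\n' {} \;
    # Set-once files (such as named.conf) must not be group-writable.
    find "$root" -type f ! -name "$pattern" -perm -020 \
        -exec printf 'UNDELEGATED_GROUP_WRITE %s\n' {} \;
    # Nothing may be world-writable.
    find "$root" -type f -perm -002 \
        -exec printf 'WORLD_WRITABLE %s\n' {} \;
}

# Group owning a path, as printed by ls (numeric if the gid has no name).
path_group() { ls -ld "$1" | awk '{print $4}'; }

# Constructed sample tree mirroring the paths named in the message.
# The caller's group stands in for "osieadmin" (assumption: no root needed).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/var/named"
    : > "$t/etc/named.conf";              chmod 644 "$t/etc/named.conf"
    : > "$t/var/named/osie.zone";         chmod 664 "$t/var/named/osie.zone"
    : > "$t/var/named/osie.rev";          chmod 644 "$t/var/named/osie.rev"
    : > "$t/var/named/fensystems.zone";   chmod 666 "$t/var/named/fensystems.zone"
    printf '%s\n' "$t"
}

# Demo: osie.rev is not yet delegated, fensystems.zone is over-exposed.
tree=$(make_sample_tree)
audit_delegation "$tree" "$(path_group "$tree")" 'osie.*'
rm -rf "$tree"
```

On a real host the second argument would be the actual admin group and the first a directory such as the zone-file directory.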