MiniVend Akopia Services


Re: minivend security model



******    message to minivend-users from Mark Stosberg <mark@summersault.com>     ******


Steve,

 That's very useful. To be explicit about what I was referring to: We
would like to have a secure machine on which normal users can't even get
shell access, or perhaps FTP. Perhaps this is overly paranoid,
especially since we'll be storing data in a database on yet another
machine, that is itself secure (because no one but administrators can
get to it, and only from trusted machines on a secure network).
 If no sensitive data is stored unencrypted on the minivend machine, it
seems safe to give users access to it (which seems to be MiniVend's model).
  We're assuming the worst: that opening up FTP and Shell access to
users significantly increases the chance of someone gaining root access,
and then can browse unencrypted sensitive data at will.
  Thoughts?

 -mark


Steve wrote:
> 
>   Not sure if this is what you are asking or not but I have the MV
> server residing in the /usr/local area of the server. The only user that
> has access to it is minivend which has no login. The group that holds
> rights to the server is minivend and only minivend is a user in that
> group. Minivend is also a user in each group that requires access to the
> server. So it is not the user steve (me) that gets the access for the
> site related to steve it is minivend that does. Each user has their own
> group but you could also specify a group and house all MV users in that
> one group. By doing it in individual groups I can keep tighter control
> over each user's abilities to tamper with other areas.
> 
>   I personally have started tightening permissions on files and
> directories. I have found that in some cases a 600 will work where
> the normal default is 644. I do not have a breakdown for
> directory by directory but I suppose once I get finished with closing
> permissions up a bit I could. Is this what you were referring to? Hope
> some of this helped.
> 
> Steve
> 

-- 
http://flip.summersault.com/
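
A sketch of how the setup discussed in this thread (a dedicated account with no login, files tightened from 644 to 600) could be audited. This is an added example, not code from either poster or from MiniVend. The function names, the DRY_RUN variable and the list of non-interactive shells are assumptions, and the directory and passwd-format file are supplied by the caller.

```shell
#!/bin/sh
# Added example: audit a tree against the model described in the thread.
# Function names and the no-login shell list are assumptions, not MiniVend's.
# File names containing newlines are not handled.

# Print regular files under $1 that grant any permission bit to group or
# other, i.e. anything looser than 600/700. Uses only POSIX find tests.
loose_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Succeed if account $2 in passwd-format file $1 has a non-interactive
# shell. A missing account counts as a failure.
has_no_login() {
    shell=$(awk -F: -v u="$2" '$1 == u { print $7 }' "$1")
    case "$shell" in
        /sbin/nologin|/usr/sbin/nologin|/bin/false|/usr/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Remove group/other access from every file reported by loose_files.
# With DRY_RUN=1 (the default) only print what would change.
tighten() {
    loose_files "$1" | while IFS= read -r f; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'would chmod go-rwx %s\n' "$f"
        else
            chmod go-rwx "$f"
        fi
    done
}
```

Run tighten in its default dry-run mode first; a file the server reads through group membership will stop being readable once group access is removed.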