Re: multiuser setup
****** message to minivend-users from Ryan Hertz <rhertz@gyb.baits.com> ******
At 04:41 PM 5/24/99, pacman@cqc.com wrote:
>****** message to minivend-users from pacman@cqc.com ******
>
>I am the administrator for an ISP looking for an online store to set up for
>several customers. Minivend's promise of running multiple stores from a
>single daemon sounded like a dream come true, but I'm having trouble finding
>a way to make it happen.
>
>This bit of the documentation looks particularly bad:
>
> The program files can be owned by anyone, but any databases, ASCII
> database source files, error logs, and the directory that holds
> them must be writable by the proper user ID, that is the one that
> is executing the minivend program. The best way to operate in
> multi-user, multi-catalog setups is to create a special minivend
> user, then put that user in the group that each catalog user is
> in. If you can define a group for each individual user, that
> provides the best security. Then all associated files can be in
> 660 or 770 mode, and you should have no problems with permissions,
> and no problems with security.
>
>We already use gids for actual *group*ing of customers (imagine that, groups
>being used as they were intended) so an approach based on the
>one-user-per-group hack isn't going to work.
I believe that the hack shouldn't be taken that literally - put the
'store-owners' in the same group as the mvend owner. (Hence, the
recommendation to chmod at 770)
>
>What I have done so far is make a mvend user and install the simple catalog
>under it. Then I ran a makecat as another user, which seems to work as long
>as I say no to "add this to minivend.cfg?", and add the minivend.cfg line
>manually. But the restart script bombs, since it doesn't have write access to
>some of the other user's files.
>
>Would it really be harmful to run the minivend daemon as root?
You betcha, it would take 30 seconds to write in some *very* malicious
code into a catalog.
>
>Are there any other clever tricks besides the group hack to let minivend work
>in a multiuser environment?
>
>Can I get a list of exactly which files the daemon needs access to, and just
>chown them to it, and leave them in the user directories?
>
>Or is it just easier to run a separate daemon for each user?
>-
>To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
>email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
>Archive of past messages: http://www.minivend.com/minivend/minivend-list
>
Ryan Hertz tel 520-645-3812
Webmaster tel 800-645-BAIT
Advertising Director fax 520-645-2588
Gary Yamamoto Custom Baits, Inc. http://www.yamamoto.baits.com
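
The permission scheme in the documentation excerpt quoted in this thread (a daemon user placed in each catalog owner's group, files at 660 or 770) can be checked per catalog directory with a short audit. This is an added example, not part of the original messages or of Minivend; the function names and the `daemon_gids` parameter are assumptions of the example.

```python
import os
import stat
import tempfile


def iter_entries(root):
    """Yield root and everything below it, without following symlinks."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def audit_catalog(root, daemon_gids):
    """Return sorted (path, problem) pairs for entries that break 660/770.

    daemon_gids is an assumption of this example: the numeric ids of the
    groups the daemon user (the "minivend" user in the quoted docs) is in.
    """
    findings = []
    for path in iter_entries(root):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink, target not checked"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        # Directories need group rwx (770); files need group rw (660).
        need = 0o070 if stat.S_ISDIR(st.st_mode) else 0o060
        if st.st_gid not in daemon_gids:
            findings.append((path, "group is not one the daemon is in"))
        if mode & need != need:
            findings.append((path, "group lacks the access the daemon needs"))
        if mode & 0o007:
            findings.append((path, "accessible to users outside the group"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample catalog: one file follows the scheme, one does not.
    with tempfile.TemporaryDirectory() as cat:
        os.chmod(cat, 0o770)
        for name, mode in (("products.asc", 0o660), ("error.log", 0o644)):
            path = os.path.join(cat, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for path, problem in audit_catalog(cat, {os.stat(cat).st_gid}):
            print(f"{os.path.basename(path)}: {problem}")
```

An empty result for a catalog means every entry is reachable by the daemon through a group it belongs to and by nobody outside that group.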