Re: multiuser setup
****** message to minivend-users from mikeh@minivend.com ******
Quoting pacman@cqc.com (pacman@cqc.com):
> This bit of the documentation looks particularly bad:
>
> The program files can be owned by anyone, but any databases, ASCII
> database source files, error logs, and the directory that holds
> them must be writable by the proper user ID, that is the one that
> is executing the minivend program. The best way to operate in
> multi-user, multi-catalog setups is to create a special minivend
> user, then put that user in the group that each catalog user is
> in. If you can define a group for each individual user, that
> provides the best security. Then all associated files can be in
> 660 or 770 mode, and you should have no problems with permissions,
> and no problems with security.
>
> We already use gids for actual *group*ing of customers (imagine that, groups
> being used as they were intended) so an approach based on the
> one-user-per-group hack isn't going to work.
>
And what is bad? Or incompatible? Is it not simple just to add a new
series of groups to your /etc/group file?

    user1cat:x:10001:user1,minivend
    user2cat:x:10002:user2,minivend

What does any of this do to invalidate your current groups? ?? ???

Remember, a user can be a member of more than one group on any modern
*NIX. If you set the SGID bit in the directory, group ownership on
newly-created files becomes automatic, so that is not a concern. I set
all catalog directories thusly:

    -rw-rw----   1 value    value       35997 Apr 29 10:10 catalog.cfg
    drwxrws---   2 value    value        1024 Apr 25 23:08 config
    -rw-rw----   1 minivend value        3105 May 24 13:11 error.log
    -rw-rw----   1 value    value        3492 May 24 09:58 error.log.gz
    drwxrws---   2 value    value        1024 May 21 00:49 etc
    drwxrws---   8 value    value        2048 May 24 14:13 pages
    drwxrws---   2 value    value        2048 May 24 13:28 products
    drwxrws---   2 value    value        1024 Apr 25 23:16 session
    -rw-rw----   1 minivend value      780385 May 24 21:02 session.gdbm
    drwxrws---   4 value    value        1024 May 23 11:19 tmp

If you run into group limitations based on your OS (a user can only
effectively be a member of so many groups in most *NIX implementations),
run one MV daemon for every 32 users owning catalogs. That is what I do.
Then create a number of server-owning processes with different usernames
but the same user ID. Works like a champ and you can have hundreds of
users with catalogs on the same server.

Unless you want to use ACL or some other non-standard filesystem-based
permission method I don't see how any system can provide security without
running as root.

And no, you should never run MV as root. Never. Period. Just like
you shouldn't run Oracle, or Sybase, or anything else which has
a language associated with it and access connected to the
Internet.

After all, you would hardly want a

    [file /etc/shadow]

tag placed in a page. NoAbsolute should prevent this, but there are
probably many other exploits that haven't been anticipated. And won't
be, because I won't ever design for MV being run as root.
--
Mike Heins http://www.minivend.com/ ___
Internet Robotics |_ _|____
131 Willow Lane, Floor 2 | || _ \
It's a little-known fact Oxford, OH 45056 | || |_) |
that the Y1K problem caused <mikeh@minivend.com> |___| _ <
the Dark Ages. -- unknown 513.523.7621 FAX 7501 |_| \_\
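
The catalog layout from the listing in the message above (directories drwxrws---, files -rw-rw----), as an added example that is not part of the original message or of MiniVend: one function applies the modes and one audits a tree for deviations. The function names, the constructed demo tree, and the use of the caller's primary group in place of a per-catalog group such as user1cat are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# harden_catalog DIR GROUP: hand the tree to GROUP and apply the listing's modes.
harden_catalog() {
    chgrp -R "$2" "$1" || return 1
    find "$1" -type d -exec chmod 2770 {} + || return 1   # drwxrws---
    find "$1" -type f -exec chmod 660 {} +                # -rw-rw----
}

# audit_catalog DIR: print one line per deviation; no output means compliant.
audit_catalog() {
    # Directories need setgid plus group rwx so new files inherit the group.
    find "$1" -type d ! -perm -2070 \
        -exec printf 'dir-missing-sgid-or-group-rwx: %s\n' {} \;
    # Files must be group read/write: the daemon reaches them via the group.
    find "$1" -type f ! -perm -060 \
        -exec printf 'file-not-group-rw: %s\n' {} \;
    # No permission bit may be granted to "other".
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) \
        -exec printf 'other-access: %s\n' {} \;
}

# Constructed demo tree with typical loose defaults (755 / 644).
demo=$(mktemp -d)
mkdir -p "$demo/cat/pages" "$demo/cat/session"
touch "$demo/cat/catalog.cfg" "$demo/cat/pages/index.html"
chmod 755 "$demo/cat" "$demo/cat/pages" "$demo/cat/session"
chmod 644 "$demo/cat/catalog.cfg" "$demo/cat/pages/index.html"
before=$(( $(audit_catalog "$demo/cat" | wc -l) ))

# Assumption: the caller's primary group stands in for a group like user1cat.
harden_catalog "$demo/cat" "$(id -g)"
after=$(( $(audit_catalog "$demo/cat" | wc -l) ))

# setgid fixes the group of new files, not their mode; umask 007 covers that.
( umask 007; touch "$demo/cat/pages/new.html" )
after_new=$(( $(audit_catalog "$demo/cat" | wc -l) ))

echo "deviations: before=$before after=$after after-new-file=$after_new"
rm -rf "$demo"
```

Run `audit_catalog` against each catalog directory from cron or a deploy step; any output line names a path whose mode has drifted from the layout.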