17-Oct-02 at 17:19, Boniforti Flavio (boniforti.fco-ver.it) wrote :
>
> > > So you mean adding accounts without shell access can't harm to my
> > > system, as long as daemons are chrooted (which is my case)?
> >
> > No, shell access to a machine is always a potential exploit hole.
> > Production servers should be accessible at most by sysadmins
> > via SSH or
> > Webmin over SSL, nothing else.
>
> Yeah, that's my case: I mean, nobody has shell access to my machine,
> except for me (SysAdmin) via SSH. The mailusers have /bin/false as their
> shell...

Sorry, I misread your last paragraph. I thought it said "adding accounts
with shell access"...

-- 
[Simon White. vim/mutt. simonmtds.com. GIMPS:31.04% see www.mersenne.org]
Recognizing disagreements in belief requires having enough agreements in
belief to translate or understand the words and deeds of my opponent.
  -- Anthony O'Hear (combining, somewhat, several modern philosophers).
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]