security issues

Antworten
wardenik
Beiträge: 65
Registriert: 27 Okt 2008, 12:22

security issues

Beitrag von wardenik »

hi,

one obvious thing that I have noticed...
files inside the depot on the shares (i.e. opt_pcbin\*\*) should not be writable
they should be denied either by smb.conf directive (easier) or by FS privileges on the opsi host (harder, because everytime you modify the script you would have to change the privileges and besides, reinstallation of the packages will not be possible).

so my advice is to set readonly = yes in smb.conf instead of writeable = yes
Benutzeravatar
d.oertel
uib-Team
Beiträge: 3319
Registriert: 04 Jun 2008, 14:27

Re: security issues

Beitrag von d.oertel »

Hi wardenik,

yes, we agree.

opsi until version 3.3 needed write access to this share.
We did a lot of changes and development to make it possible to use this share read only.
At the moment this should work (we hope) even it is not tested yet.

So if you try it, please tell us your experience.

regards

detlef oertel
opsi support - uib gmbh

For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org
wardenik
Beiträge: 65
Registriert: 27 Okt 2008, 12:22

Re: security issues

Beitrag von wardenik »

No problems with the install pcbin share being set to readonly.
Antworten