hi,
one obvious thing that I have noticed...
files inside the depot on the shares (i.e. opt_pcbin\*\*) should not be writable
they should be denied either by smb.conf directive (easier) or by FS privileges on the opsi host (harder, because everytime you modify the script you would have to change the privileges and besides, reinstallation of the packages will not be possible).
so my advice is to set readonly = yes in smb.conf instead of writeable = yes
security issues
Re: security issues
Hi wardenik,
yes, we agree.
opsi until version 3.3 needed write access to this share.
We did a lot of changes and development to make it possible to use this share read only.
At the moment this should work (we hope) even it is not tested yet.
So if you try it, please tell us your experience.
regards
detlef oertel
yes, we agree.
opsi until version 3.3 needed write access to this share.
We did a lot of changes and development to make it possible to use this share read only.
At the moment this should work (we hope) even it is not tested yet.
So if you try it, please tell us your experience.
regards
detlef oertel
Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.
Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.
uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de
Re: security issues
No problems with the install pcbin share being set to readonly.