security issues

Antworten
wardenik
Beiträge: 65
Registriert: 27 Okt 2008, 12:22

security issues

Beitrag von wardenik »

hi,

one obvious thing that I have noticed...
files inside the depot on the shares (i.e. opt_pcbin\*\*) should not be writable
they should be denied either by smb.conf directive (easier) or by FS privileges on the opsi host (harder, because everytime you modify the script you would have to change the privileges and besides, reinstallation of the packages will not be possible).

so my advice is to set readonly = yes in smb.conf instead of writeable = yes
Benutzeravatar
d.oertel
uib-Team
Beiträge: 3327
Registriert: 04 Jun 2008, 14:27

Re: security issues

Beitrag von d.oertel »

Hi wardenik,

yes, we agree.

opsi until version 3.3 needed write access to this share.
We did a lot of changes and development to make it possible to use this share read only.
At the moment this should work (we hope) even it is not tested yet.

So if you try it, please tell us your experience.

regards

detlef oertel


Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.

Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.

uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de


wardenik
Beiträge: 65
Registriert: 27 Okt 2008, 12:22

Re: security issues

Beitrag von wardenik »

No problems with the install pcbin share being set to readonly.
Antworten