SOLVED: Unix user pcpatch, its password - security question

Antworten
giner
Beiträge: 29
Registriert: 24 Sep 2014, 07:45

SOLVED: Unix user pcpatch, its password - security question

Beitrag von giner »

Hello,

From manual:

Code: Alles auswählen

# Set the password of user pcpatch for Unix, samba and opsi.
opsi-admin -d task setPcpatchPassword
By defaut it is possible to login locally or by ssh within "pcpatch" user.
As I understand from the manual (and experiments prove it) pcpatch Unix user is not used. What about removing Unix password for this user by default (and do not set with setPcpatchPassword) and leave only Samba password so it can't login by SSH or locally?

Also this user should have read-only access to Samba shares. I know it is mentioned in the manual but I think this should be default behaviour.

Best regards,
Stanislav German-Evtushenko
Zuletzt geändert von giner am 25 Sep 2014, 12:34, insgesamt 1-mal geändert.
Benutzeravatar
ueluekmen
uib-Team
Beiträge: 1940
Registriert: 28 Mai 2008, 10:53

Re: Unix user pcpatch and it's password - security question

Beitrag von ueluekmen »

Hi,

the Unix user for pcpatch is used by ntfs-write-image and ntfs-restore-image. These products use ssh to write the image to the server.

We try to support opsi-clonezilla. This package is in Development state. If this package will be stable, we will end the support for the old imaging products. After that we can change the default behaviour.

Until the opsi-clonezilla package is in development state, we must support the old way of managing images and can't change setPcpatchPassword method. If you don't use the ntfs-write-image and ntfs-restore-image you can take the loginshell from pcpatch User to prevent his login.


Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.

Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.

uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de


giner
Beiträge: 29
Registriert: 24 Sep 2014, 07:45

Re: SOLVED: Unix user pcpatch, its password - security quest

Beitrag von giner »

Hello,

Thank you for the detailed answer!
It is clear now.

Stanislav
Antworten