
SOLVED: Unix user pcpatch, its password - security question

Posted: 24 Sep 2014, 10:04
by giner
Hello,

From manual:

Code:

# Set the password of user pcpatch for Unix, samba and opsi.
opsi-admin -d task setPcpatchPassword
By default it is possible to log in locally or by ssh with the "pcpatch" user.
As I understand from the manual (and experiments prove it), the pcpatch Unix user is not used. What about removing the Unix password for this user by default (and not setting it with setPcpatchPassword) and leaving only the Samba password so it can't log in by SSH or locally?

Also this user should have read-only access to Samba shares. I know it is mentioned in the manual but I think this should be default behaviour.

Best regards,
Stanislav German-Evtushenko

Re: Unix user pcpatch and its password - security question

Posted: 25 Sep 2014, 11:26
by ueluekmen
Hi,

The Unix user for pcpatch is used by ntfs-write-image and ntfs-restore-image. These products use ssh to write the image to the server.

We are trying to support opsi-clonezilla. This package is in development state. Once this package is stable, we will end the support for the old imaging products. After that we can change the default behaviour.

As long as the opsi-clonezilla package is in development state, we must support the old way of managing images and can't change the setPcpatchPassword method. If you don't use ntfs-write-image and ntfs-restore-image, you can take the login shell away from the pcpatch user to prevent its login.
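
A way to check the state described in the reply above, as an added example that is not part of the original posts or of opsi: shell functions that read passwd(5)-format data and report whether an account such as pcpatch still has an interactive login shell. The sample entries (UIDs, home directories, the `backup` and `legacy` accounts) are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: does an account in passwd(5)-format data still have an
# interactive login shell? Function names are hypothetical.

# Shells that refuse interactive login (paths vary by distribution).
is_nologin_shell() {
    case "$1" in
        /usr/sbin/nologin|/sbin/nologin|/bin/false|/usr/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# login_shell_of USER FILE: print field 7 of USER's entry; fail if USER is absent.
login_shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' "$2"
}

# audit_account USER FILE: print "missing", "nologin" or "interactive".
# An empty shell field counts as interactive: passwd(5) defaults it to /bin/sh.
audit_account() {
    shell=$(login_shell_of "$1" "$2") || { echo missing; return 0; }
    if is_nologin_shell "$shell"; then echo nologin; else echo interactive; fi
}

# Constructed sample entries (not from a real server); on a live system
# pass /etc/passwd instead.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
pcpatch:x:992:992:constructed entry:/var/lib/opsi:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
legacy:x:1001:1001::/home/legacy:
EOF

for user in pcpatch backup legacy; do
    printf '%s: %s\n' "$user" "$(audit_account "$user" "$SAMPLE")"
done
```

On a server where ntfs-write-image and ntfs-restore-image are not used, `usermod -s /usr/sbin/nologin pcpatch` takes the login shell away; the path of `nologin` varies by distribution.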

Re: SOLVED: Unix user pcpatch, its password - security quest

Posted: 25 Sep 2014, 12:35
by giner
Hello,

Thank you for the detailed answer!
It is clear now.

Stanislav