From owner-freebsd-questions Thu Feb 22 1: 8:18 2001 Delivered-To: freebsd-questions@freebsd.org Received: from clientmail.realtime.co.uk (simian.realtime.co.uk [194.205.134.131]) by hub.freebsd.org (Postfix) with ESMTP id 05DA237B401 for ; Thu, 22 Feb 2001 01:08:16 -0800 (PST) (envelope-from waynep@zaphod.realtime.co.uk) Received: from zaphod.realtime.co.uk ([194.205.134.208]) by clientmail.realtime.co.uk with esmtp (Exim 3.20 #1) id 14VrjG-00036i-01; Thu, 22 Feb 2001 09:08:02 +0000 Received: from waynep by zaphod.realtime.co.uk with local (Exim 3.16 #1) id 14Vrig-0003xe-00; Thu, 22 Feb 2001 09:07:26 +0000 From: Wayne Pascoe To: "Ted Mittelstaedt" Cc: Subject: Re: login-MODEM References: <004701c09cad$b8c88c40$1401a8c0@tedm.placo.com> Reply-To: wayne.pascoe@realtime.co.uk Date: 22 Feb 2001 09:07:26 +0000 In-Reply-To: <004701c09cad$b8c88c40$1401a8c0@tedm.placo.com> Message-ID: Lines: 41 User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Channel Islands) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG "Ted Mittelstaedt" writes: > Your way overstating the security risks here. What risks?! There's nothing > that a user can do on a shell server that they can't do already by setting > up a > UNIX system and dialing into us, except for screwing other users on that > server, I disagree. I was looking at providing shell access for my users, to the server that their web pages lived on. I decided against it for a couple of reasons. The main one was that if a local root exploit comes out at 2am and I only see the announcement at 8am when I wake up, there is a good chance that one of my users will have rooted my server. This means complete reload. Not fun! > and if all the users understand that the shell server is basically the kids > playroom and you need to protect yourself, and that files placed on it are > not backed up, why then who cares what they do to the server? If one day > I find that some kiddie has trashed it, so what, I can see when it happened, > check the radius logs to see who was on it, very likely find out that way > who did it, suspend their account, and in an hour I can reimage the system > disk and we are back up and running. > Ok, I was looking at shell access not for playground but for managing users own website. I still haven't found a good way of doing this. > Ted Mittelstaedt tedm@toybox.placo.com > Author of: The FreeBSD Corporate Networker's Guide > Book website: http://www.freebsd-corp-net-guide.com I had a look at your book at the local bookstore yesterday (Foyles) Nice work! -- - Wayne Pascoe E-mail: wayne.pascoe@realtime.co.uk Phone : +44 (0) 20 7544 4668 Mobile: +44 (0) 788 431 1675 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message