Subject: Re: NQC in Boston University Linux :)
Newsgroups: lugnet.off-topic.geek
Date: Fri, 7 Apr 2000 15:00:20 GMT
Reply-To: mattdm@mattdm.org=StopSpammers=
Viewed: 172 times

Dan Boger <dan@giccs.georgetown.edu> wrote:
> > - uses bash version 2; none of this bash w/ optional "bash2" silliness
>
> bash? zsh :)

I don't think zsh is 100% backwards compatible with sh, so it's not an ideal
replacement. Might be reasonable to add though.

> nog... heh, if you have to put gaim, put licq too? (unless gaim is not
> what I think it is...)

Yeah, gaim is what you think it is. If I get requests for licq, I'll put it
in.

> hmmm... definitely want to look at afs. what about coda?

We're looking at coda. But currently, we're very big into AFS for our Solaris
and Irix boxes, so AFS it is. Plus, coda is in a perpetual state of
"warning! this isn't safe to use!".

> > - modified lilo (yay asm coding) supports password=* option, which, in
> > combination with the restricted flag, makes it possible to configure lilo
> > to be secure by default. (no init=/bin/sh)
> I always thought it was there by default - you could put a password so
> you couldn't enter parameters without it... no?

Yes, but the "restricted" option doesn't work as you might expect. Having a
password set keeps the system from booting without interaction. This is less
than ideal, so they invented the "restricted" keyword. This
counterintuitively makes the bootup _less_ restricted -- it allows automatic
booting normally, and requires a password when parameters are given.

The conceptual problem is that *password* is the main option, and restricted
modifies that to be less restrictive. (You can't use restricted by itself.)

What SHOULD happen is:

A) restricted set, no password:     system restricted to only booting
                                    predefined images, no parameters
B) restricted set, with password:   system restricted, but passing parameters
                                    causes a password prompt
C) not restricted, no password:     boot automatically, parameters allowed
D) not restricted, with password:   always require a password. this may also
                                    be nonintuitive. an even better idea may
                                    be for this to produce an error, and have
                                    a "restricted=completely" option

Since LILO is (of course) written in assembly, I was loath to make this
major of a change to the logic. Instead, I made a two-line change which adds
the feature where if password=* (or actually, anything beginning with
* -- analogous to the traditional method of putting a * in /etc/passwd to
temporarily disable an account) password checks always fail, resulting in the
desired behavior A.

(Why not just set a password? Well, what would I set it to?)

> > - if root runs X, a full screen message pops up explaining why that's
> > discouraged. (future plague of linux virii, mark my words...)
> nod - but I believe if you do that, you deserve what you get... gnome
> warns of it too, no?

Gnome (gmc, actually) does warn of it, but not everyone runs gnome. Plus,
this is more prominent. People may deserve what they get, but a little
education never hurt. If people adopt good practices now, the predicted
plague won't happen.

> cool - sounds a lot like what I end up tuning our machines to, which
> takes about 20 mins... but if I had to install 100s of boxes, I might
> look into this BUL :P

:) Yes, reducing post-install tuning is a major goal. Of course, for people
not at BU, as we get more and more BU-centric, it'll eventually be _more_
work than starting with stock RH.

--
Matthew Miller ---> mattdm@mattdm.org
Quotes 'R' Us ---> http://quotes-r-us.org/
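
An added example, not part of the original post and not LILO or BU Linux code: a small Python audit that reads a lilo.conf and reports, for each boot entry, which of the password/restricted behaviors described in the post applies. It assumes per-image options override global ones, treats a password beginning with * as the modified LILO from the post, and infers the "unbootable" case from the post's two statements; the sample configuration is constructed.

```python
# Constructed sample configuration (not from a real system).
SAMPLE = """\
boot=/dev/hda
password=*          # modified LILO from the post: every check fails
restricted
image=/boot/vmlinuz
  label=linux
image=/boot/vmlinuz-old
  label=old
  password=s3cret   # constructed value; assumed to override the global '*'
other=/dev/hda2
  label=dos
"""

def parse_lilo_conf(text):
    """Split lilo.conf text into global options and per-entry options."""
    global_opts, entries, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (naive about '#' in values)
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip().strip('"')
        if key in ("image", "other"):         # starts a new boot entry
            current = {"label": value}        # path is the label until label= is seen
            entries.append(current)
        elif current is None:
            global_opts[key] = value
        else:
            current[key] = value
    return global_opts, entries

def classify(global_opts, entry):
    """Name the boot-time behavior of one entry, per the post's description."""
    opts = {**global_opts, **entry}           # assumption: per-entry overrides global
    password, restricted = opts.get("password"), "restricted" in opts
    if password is None:
        # the post notes stock LILO does not accept restricted by itself
        return "invalid: restricted without password" if restricted else "open"
    star = password.startswith("*")           # password=* : checks always fail
    if restricted:
        return "locked" if star else "prompt-on-params"
    # inferred: a password is always demanded, and with '*' it can never match
    return "unbootable" if star else "always-prompt"

def audit(text):
    """Map each entry label to its classification."""
    global_opts, entries = parse_lilo_conf(text)
    return {e["label"]: classify(global_opts, e) for e in entries}
```

`audit(SAMPLE)` reports "locked" (the post's behavior A) for the entries that inherit the global `password=*` and `restricted`, and "prompt-on-params" for the entry with its own password.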