On Tue, 8 Jun 2004, Michael Stenner wrote:

> On Tue, Jun 08, 2004 at 07:06:57PM -0700, Michael Stenner wrote:
> > On Tue, Jun 08, 2004 at 03:50:29PM -0500, Michael Favia wrote:
> > > I would agree with scrubbing the URI
>
> OK, I just had another thought that reduces my motivation to pursue
> this url-scrubbing thing. We're trying to prevent a regular user from
> getting the password, right? Scrubbing the logging messages is kinda
> silly when they can just read the config file. So, if you really want
> the users to not see the password, you should lock down the config
> file, at which point, they can't run yum anyway.

Unless they have root access they already cannot run yum. When I originally asked this question all I was trying to do is not have the passwd in plain view for anyone shoulder surfing. In retrospect the right answer is to not serve the files via ftp. Since the repos are on the local network I simply made them available via nfs. The only reason for restricting access on the ftp site is because I have RHEL there and I do not think Red Hat would like me serving up RHEL 3 rpms via anonymous ftp.

> Surely, people are going to suggest crazy schemes for solving this
> problem, but I'll be really surprised if anyone feels it's actually
> valuable enough to implement.

The more I think about this the more I think you are correct. For non-anonymous situations there are better ways than ftp.

Tom