[Yum] Re: Usernames, Passwords and yum

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 8 Jun 2004, Michael Stenner wrote:

> On Tue, Jun 08, 2004 at 07:06:57PM -0700, Michael Stenner wrote:
> > On Tue, Jun 08, 2004 at 03:50:29PM -0500, Michael Favia wrote:
> > > I would agree with scrubbing the URI
> 
> OK, I just had another thought that reduces my motivation to pursue
> this url-scrubbing thing.  We're trying to prevent a regular user from
> getting the password, right?  Scrubbing the logging messages is kinda
> silly when they can just read the config file.  So, if you really want
> the users to not see the password, you should lock down the config
> file, at which point, they can't run yum anyway.

Unless they have root access they already cannot run yum. When I originally
asked this question all I was trying to do is not have the passwd in plain
view for anyone shoulder surfing. In retrospect the right answer is to
not serve the files via ftp. Since the repos are on the local network I 
simply made them available via nfs. The only reason for restricting access
on the ftp site is because I have RHEL there and I do not think Red Hat
would like me serving up RHEL 3 rpms via anonymous ftp.
 
> Surely, people are going to suggest crazy schemes for solving this
> problem, but I'll be really surprised if anyone feels it's actually
> valuable enough to implement.

The more I think about this the more I think you are correct. For non-anonymous
situations there are better ways than ftp.

Tom

[Index of Archives]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux