[csw-buildfarm] Better security for home directories

Ben Walton bwalton at opencsw.org
Mon May 6 17:33:01 CEST 2013


I was going to suggest that replicating the file around would be
easier...but that would still lead to the root problem on the testing*
hosts.

Not having NFS mounts there would increase the storage requirements
although by how much I don't know...is that a concern, Dago?  It's also
less convenient although that shouldn't be a deal breaker overall, I
don't think.

Thanks
-Ben

On Mon, May 6, 2013 at 8:30 AM, Maciej (Matchek) Bliziński
<maciej at opencsw.org> wrote:
> I'm working on a rewrite of a large portion of our checkpkg/pkgdb code base.
> One of the things that I want to change is using REST from all of the build
> hosts, when running checkpkg. Talking via REST requires authenticating via
> HTTP. We use password-based authentication, with passwords living in a
> specific place in the filesystem. It's currently only on login, no problem
> to maintain. But if we want that to be accessible from every build host, we
> would either need to copy the auth (password containing) files to every
> build host, or keep them in home directories. But home directories are
> readable by root, and people have root on testing (experimental) boxes.
>
> I suggest: let's remove home directory exports on boxes where people have
> root.
>
> Thoughts?
>
> Maciej
