also sprach Mathias Gygax <mg@trash.net> [2001.12.05.1109 -0800]: > > no, not yet. it's on my todo list, but since i am pretty comfortable > > as root and my users are trusted users, it is not prime importance. > > if you have remote daemons, you don't have anything like "trusted > users". every daemon has it's associated UID. how right you are! but these servers are private, i do them in my free-time, there is no sensitive data on them, they are firewalled, i don't really care about them too much, and my users know this. all my daemons run chrooted as non-privileged users, all are up-to-date, and only the barest selection is enabled. add that to the firewall and i can say that it is secure with respect to the circumstances. and if a user acts up, s/he's gone. security is an important concept, but certain projects warrant certain security projects, and mine just happens to need less security than the ones i administer productively... -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck this message represents the official view of the voices in my head.
Attachment:
pgp_zlfZExTsG.pgp
Description: PGP signature