On Sun, 10 Jan 1999, Brock Rozen wrote:
> And that denial of logins translates into more work. Allow them limited
> shell logins and you remove work off your back. Opening it up to
> interactive systems might be more of a security hole than allowing those
> who already run part of your system a little more access to it.
Most of them wouldn't know what to do with a shell if it bit them on the
ass. Training them to use editors and host-based mailers is a pretty big
waste of time.
Additionally, the security issues we have ever had in one of the domains I
manage were caused by passwords for interactive shell accounts being
sniffed. No shells, no logins.
> Delegate your work to someone who does have shell login. A sysadmin can't
> keep everybody else from logging in and then complain when the workload
> gets too high. There's always compromises...
Other sysadmins are one thing; list owners being sysadmins is another.
> and as I said, auto-recompilation of sendmail related files should remain
> with sendmail, not some other program.
I'm not certain I consider them "sendmail related files" -- they're just
In fact, I'd love to see the addition of a new database type called the
directory, where filenames would act as keys (as smail uses); I've
proposed this to Eric. It should scale well to medium-sized directories
(a few thousand aliases) on ufs and many thousands on file system types
like vxfs and xfs that have more efficient directory structures, and would
require no recompliation.
ROGER B.A. KLORESE rogerk@QueerNet.ORG urgent: rogerk-page@QueerNet.ORG
PO Box 14309 San Francisco, CA 94114 +1 415 ALL-ARFF
"There is only one real blasphemy -- the refusal of joy!" -- Paul Rudnick