On Sun, 10 Jan 1999, Brock Rozen wrote:

> And that denial of logins translates into more work. Allow them limited
> shell logins and you remove work off your back. Opening it up to
> interactive systems might be more of a security hole than allowing those
> who already run part of your system a little more access to it.

Most of them wouldn't know what to do with a shell if it bit them on the
ass. Training them to use editors and host-based mailers is a pretty big
waste of time.

Additionally, the security issues we have ever had in one of the domains I
manage were caused by passwords for interactive shell accounts being
sniffed. No shells, no logins.

> Delegate your work to someone who does have shell login. A sysadmin can't
> keep everybody else from logging in and then complain when the workload
> gets too high. There's always compromises...

Other sysadmins are one thing; list owners being sysadmins is another.

> and as I said, auto-recompilation of sendmail related files should remain
> with sendmail, not some other program.

I'm not certain I consider them "sendmail related files" -- they're just
db's.

In fact, I'd love to see the addition of a new database type called the
directory, where filenames would act as keys (as smail uses); I've
proposed this to Eric. It should scale well to medium-sized directories
(a few thousand aliases) on ufs and many thousands on file system types
like vxfs and xfs that have more efficient directory structures, and would
require no recompilation.

--
ROGER B.A. KLORESE rogerk@QueerNet.ORG urgent: rogerk-page@QueerNet.ORG
PO Box 14309 San Francisco, CA 94114 +1 415 ALL-ARFF
"There is only one real blasphemy -- the refusal of joy!" -- Paul Rudnick