On Saturday 04 July 2009, Matt Kettler wrote:
>Gene Heskett wrote:
>> Ok, I'll fix that, thanks.
>>
>>> That said, why give the saupdate user the ability to add keys at all?
>>> Import them as root and only give the saupdate user read access.
>>
>> Basically, since I run myself as root, I was trying to reduce the
>> exposure. All the rest of the routine mail handling here is by
>> unprivileged users. And it is all behind a dd-wrt firewall with NAT.
>
>True, but installing keys isn't something that should be routine. This
>should only be possible manually. i.e.: sa-update does not need to
>create or write to the key file to perform an update.
>
>If you're concerned about exposure, it's really best that your automatic
>saupdate user not have rights over the key file, it doesn't need it.

Then I don't understand why the script exits when it cannot create the temp file there? I did a chmod +x on the keys directory, and it now exits quickly, 2-3 seconds, without reporting any error, or doing anything that I can find. Is that whole concept now deprecated?

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

Where there is much light there is also much shadow.
		-- Goethe
