* Local security
@ 2000-06-09 18:04 John Goerzen
2000-06-09 18:08 ` Rick Macdonald
0 siblings, 1 reply; 3+ messages in thread
From: John Goerzen @ 2000-06-09 18:04 UTC (permalink / raw)
To: gnats-devel
Hi,
[ Please CC all replies to me as I'm not on the list. ]
I'm looking at setting up gnats. It is impressing me so far, and its
network security features look good. However, I can't seem to find
any options for local security at all. Anybody with an account on the
system seems to be able to use edit-pr to change any bug at all. Is
there any way to restrict this? Is something misconfigured on my box?
Is this feature planned?
Thanks,
John Goerzen
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Local security
2000-06-09 18:04 Local security John Goerzen
@ 2000-06-09 18:08 ` Rick Macdonald
2000-06-10 12:18 ` Tim Riker
0 siblings, 1 reply; 3+ messages in thread
From: Rick Macdonald @ 2000-06-09 18:08 UTC (permalink / raw)
To: John Goerzen; +Cc: gnats-devel
On 9 Jun 2000, John Goerzen wrote:
> I'm looking at setting up gnats. It is impressing me so far, and its
> network security features look good. However, I can't seem to find
> any options for local security at all. Anybody with an account on the
> system seems to be able to use edit-pr to change any bug at all. Is
> there any way to restrict this? Is something misconfigured on my box?
> Is this feature planned?
About all that you can do is remove or restrict the command line programs
and then use the network security by using gnatsweb and/or TkGnats as
front-ends.
...RickM...
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Local security
2000-06-09 18:08 ` Rick Macdonald
@ 2000-06-10 12:18 ` Tim Riker
0 siblings, 0 replies; 3+ messages in thread
From: Tim Riker @ 2000-06-10 12:18 UTC (permalink / raw)
To: Rick Macdonald; +Cc: John Goerzen, gnats-devel
I install gnats databases under /var/lib/gnats-* and then chown them to
gnats:gnats and remove and world permissions. This means that local
users will not be able to access the files at all (as users are not in
the gnats group). This forces network access for everyone. Works very
well for us.
/etc/gnats* should be owned by root, not gnats. These should be group
gnats but not group writeable. The important issue here is just to make
it harder to muck with the access rules. ie: only root can do that.
Rick Macdonald wrote:
>
> On 9 Jun 2000, John Goerzen wrote:
>
> > I'm looking at setting up gnats. It is impressing me so far, and its
> > network security features look good. However, I can't seem to find
> > any options for local security at all. Anybody with an account on the
> > system seems to be able to use edit-pr to change any bug at all. Is
> > there any way to restrict this? Is something misconfigured on my box?
> > Is this feature planned?
>
> About all that you can do is remove or restrict the command line programs
> and then use the network security by using gnatsweb and/or TkGnats as
> front-ends.
>
> ...RickM...
--
Tim Riker - http://rikers.org/ - short SIGs! <g>
All I need to know I could have learned in Kindergarten
... if I'd just been paying attention.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2000-06-10 12:18 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2000-06-09 18:04 Local security John Goerzen
2000-06-09 18:08 ` Rick Macdonald
2000-06-10 12:18 ` Tim Riker
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).