Re: Associating Unix User Accounts with Servers

From: joe durusau (joe.durusau_at_lmco.com)
Date: 09/22/04

    Date: Wed, 22 Sep 2004 11:22:46 -0400

    Kushal Agarwal wrote:

    > joe durusau <joe.durusau@lmco.com> wrote in message news:<4150939E.4FA9FD13@lmco.com>...
    > > Kushal Agarwal wrote:
    > >
    > > > Dave Hinz <DaveHinz@spamcop.net> wrote in message news:<2r8u70F17275sU2@uni-berlin.de>...
    > > > > On 20 Sep 2004 13:46:47 -0700, Kushal Agarwal <kushal.agarwal@gmail.com> wrote:
    > > > > > Hello,
    > > > > >
    > > > > > I was wondering, how can I associate unix user accounts to work with
    > > > > > various servers, such as Database servers, Administration servers,
    > > > > > etc.
    > > > >
    > > > > Details will be environment-specific. NIS+, LDAP, lots of options.
    > > > >
    > > > > > Additionally what interface does unix provide for this type of
    > > > > > association?
    > > > >
    > > > > It depends.
    > > >
    > > > Sorry.. my mistake, I actually meant application, and not server.
    > > >
    > > > The problem is that I don't want the application to store its own list
    > > > of users inside it, rather, it should use the list already defined in
    > > > the UNIX network. So is there any interface that UNIX provides to
    > > > allow the application to access the UNIX user accounts/authentication
    > > > procedures.
    > > >
    > > > Kushal.
    > >
    > > How secure does this mechanism have to be? If it is just a matter
    > > of Jones always wants app X to start automatically, but there is no
    > > reason to be afraid of Jones doing something else, you could define a
    > > shell that would do what you want. If it has to be hard to break out
    > > of the defined app, there would be more trouble.
    > >
    > > Speaking only for myself,
    > >
    > > Joe Durusau
    >
    > More specifically.. the mechanism has to be quite secure. Therefore I
    > was thinking of getting the application to make the system calls that
    > the OS makes during logon.
    >
    > I know some of the top level system calls that are called during logon
    > to a machine.. but what exactly are they all?
    >
    > Thanks,
    >
    > Kushal

    Sounds like you want to set up the users in question in a chrooted
    environment. Pretty tricky, and difficult. It is usually better to make a
    separate machine with only the capabilities you want, no access to
    networks, etc. and some sort of large group of serial terminals hooked
    to it if you really need that kind of security. Otherwise, if this is for
    outside customers, you could set something up outside your firewall,
    such that if it gets damaged, nothing important is hurt.

    Sorry, but I would tend to question why go to all that trouble if it
    were me.

    Speaking only for myself,

    Joe Durusau

