rsync over ssl (again)
Ben Escoto
bescoto at stanford.edu
Thu Aug 22 14:22:01 EST 2002
>>>>> "PH" == Phil Howard <phil at ipal.net>
>>>>> wrote the following on Thu, 22 Aug 2002 11:32:46 -0500
PH> While it is "secure" in the sense of an encrypted medium, it is
PH> still using a login to a system (e.g. /etc/passwd based)
PH> account.
...
PH> SSH is by legacy a tool to provide a shell access. I worry it
PH> could revert to that, either due to a less focused initiative,
PH> or just the lack of any documentation for administering
PH> _authorization_ aspects (as opposed to authentication).
Well, any server must be running under some userid, so if the server
is going to be hacked, I suppose it is an advantage that each account
has its own uid in /etc/passwd. I see your point about the lack of
documentation. But I wonder if it would be easier to hack sftpd or
rsyncd...
PH> How would I say what users are allowed to access what paths. I
PH> can do this in rsync via port 873 and thus /etc/rsyncd.conf, but
PH> there just seems to be nothing in sftpd to do it. And what in
PH> sftpd lets me do what rsync can do in "secrets =" in
PH> /etc/rsyncd.conf?
I suppose you would be stuck with the standard system tools (groups,
ACLs if you have them, chroot perhaps, etc.).
--
Ben Escoto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20020822/2abb4ddc/attachment.bin
More information about the rsync
mailing list