Re: identity file permissions
From: Derek J. Balling (dredd@megacity.org)
Date: 04/10/03
- Previous message: Tim Writer: "Re: identity file permissions"
- In reply to: Tim Writer: "Re: identity file permissions"
- Next in thread: W Laurentce: "Re: identity file permissions"
Date: Wed, 9 Apr 2003 20:35:03 -0400
To: Tim Writer <tim@starnix.com>
From: "Derek J. Balling" <dredd@megacity.org>
On Wednesday, April 9, 2003, at 08:20 PM, Tim Writer wrote:
> Instead of creating an identity for the FAX user, why not just add the
> public keys of all (several hundred) users to the FAX user's authorized
> keys file? Admittedly, this is more work up front (although should be
> easy to automate) but think about what happens when someone leaves.
> With your scheme (assuming you can make it work), you would have to
> issue a new FAX key and inform all (several hundred) FAX users. Some of
> them won't get the message and some of them will have copied the old
> FAX key to notebooks or home computers etc. for easy access and you'll
> be deluged by support calls. With my scheme, you simply remove the user
> from the FAX user's authorized keys file and other users are
> unaffected.
Actually, no, the users in question have no actual access to the
filesystem. Their login shell is our CSR application, so the only
access they have is what they are explicitly given.
So yes, generating a key for every user at creation time automatically
is one solution, but then it requires lots of automation (because our
users are created via LDAP, so all we do to "create" a user is add them
to the LDAP server and make their homedir). Now there would be making
the homedir, creating a key, getting that key over to the fax server,
etc. etc., and then undoing all that when a user is terminated.
Meanwhile, even if a user COULD get to the private key on the
application server, when someone is fired, (since the SSH command all
happens under the hood), we could simply distribute a new private key
to the application server, a new public key to the fax-server, and
change it in one spot and it's done.
I certainly recognize the "usual" value that limiting a private key to
a single user provides, but this (to my thinking anyway) is a pretty
decent example of where sharing a single private key among the users
makes a whole lot of sense.
If I have to do the 'cp' workaround, I will, but I just wish there was
some way to override the current behavior.
D
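
The per-user scheme discussed in this exchange, as an added example that is not part of either poster's message: each user's public key becomes one tagged, option-restricted line in the FAX account's authorized_keys file, so provisioning and termination each touch a single line. The forced-command path, the `user=` tag convention and the key strings are constructed for illustration.

```python
"""Per-user entries in a shared account's authorized_keys, revocable one at a time."""

# Options confining every key: a forced command and no forwarding or pty.
# "/usr/local/bin/fax-submit" is a hypothetical path, not from the thread.
OPTIONS = ('command="/usr/local/bin/fax-submit",'
           'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty')
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"}

# Constructed sample public keys (not real key material).
ALICE_PUB = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCalice alice@laptop"
BOB_PUB = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbob bob@desk"


def entry_for(user, pubkey_line):
    """Build one authorized_keys line from the contents of a user's .pub file."""
    fields = pubkey_line.split()
    if not user or any(c.isspace() for c in user):
        raise ValueError("user name must be a single non-empty token")
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError(f"not a public key line for {user!r}")
    # The key's own comment is replaced by the account tag so that the
    # entry can be located again at termination time.
    return f"{OPTIONS} {fields[0]} {fields[1]} user={user}"


def revoke_user(authorized_keys, user):
    """Return the file text without this user's entry; others are untouched."""
    tag = f"user={user}"
    kept = [line for line in authorized_keys.splitlines()
            if line.split()[-1:] != [tag]]
    return "\n".join(kept) + ("\n" if kept else "")


def add_user(authorized_keys, user, pubkey_line):
    """Return the file text with this user's entry added or replaced."""
    kept = revoke_user(authorized_keys, user).splitlines()
    kept.append(entry_for(user, pubkey_line))
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    text = add_user(add_user("", "alice", ALICE_PUB), "bob", BOB_PUB)
    print(revoke_user(text, "alice"), end="")
```
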