[Yum] Re: Usernames, Passwords and yum

Tom Diehl tdiehl at rogueind.com
Wed Jun 9 03:17:36 UTC 2004


On Tue, 8 Jun 2004, Michael Stenner wrote:

> On Tue, Jun 08, 2004 at 07:06:57PM -0700, Michael Stenner wrote:
> > On Tue, Jun 08, 2004 at 03:50:29PM -0500, Michael Favia wrote:
> > > I would agree with scrubbing the URI
> 
> OK, I just had another thought that reduces my motivation to pursue
> this url-scrubbing thing.  We're trying to prevent a regular user from
> getting the password, right?  Scrubbing the logging messages is kinda
> silly when they can just read the config file.  So, if you really want
> the users to not see the password, you should lock down the config
> file, at which point, they can't run yum anyway.

Unless they have root access they already cannot run yum. When I originally
asked this question all I was trying to do is not have the passwd in plain
view for anyone shoulder surfing. In retrospect the right answer is to
not serve the files via ftp. Since the repos are on the local network I 
simply made them available via nfs. The only reason for restricting access
on the ftp site is because I have RHEL there and I do not think Red Hat
would like me serving up RHEL 3 rpms via anonymous ftp.
 
> Surely, people are going to suggest crazy schemes for solving this
> problem, but I'll be really surprised if anyone feels it's actually
> valuable enough to implement.

The more I think about this the more I think you are correct. For non-anonymous
situations there are better ways than ftp.

Tom
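
The point made in this thread, as an added example that is not part of the original messages or of yum's code: scrubbing the password out of a logged repository URL only helps if the config file holding that URL is not readable by the same users. `scrub_url` and `exposed_repo_urls` are hypothetical helper names, and the repo file contents, host and credentials are constructed.

```python
import os
import re
import stat
from urllib.parse import urlsplit, urlunsplit


def scrub_url(url):
    """Return url with any password in its userinfo replaced by '****'."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    # Split on the last '@' (as urllib does) so an '@' inside the password
    # and a bracketed IPv6 host with a port both survive intact.
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.split(":", 1)[0]
    return urlunsplit(parts._replace(netloc=f"{user}:****@{hostport}"))


def exposed_repo_urls(conf_path):
    """Return (lineno, scrubbed_url) for each baseurl that embeds a password,
    but only when group or others can read the file; otherwise return []."""
    mode = os.stat(conf_path).st_mode
    if not mode & (stat.S_IRGRP | stat.S_IROTH):
        return []
    hits = []
    with open(conf_path) as fh:
        for lineno, line in enumerate(fh, 1):
            m = re.match(r"\s*baseurl\s*=\s*(\S+)", line)
            if m and urlsplit(m.group(1)).password is not None:
                hits.append((lineno, scrub_url(m.group(1))))
    return hits


if __name__ == "__main__":
    import tempfile
    # Constructed repo file; host, user and password are made up.
    sample = "[rhel3]\nname=RHEL 3 local\nbaseurl=ftp://tom:s3cret@repo.example.com/rhel3/\n"
    with tempfile.NamedTemporaryFile("w", suffix=".repo", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)  # readable by every local user
    print(exposed_repo_urls(fh.name))
    os.chmod(fh.name, 0o600)  # readable by owner only
    print(exposed_repo_urls(fh.name))
    os.unlink(fh.name)
```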


