This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
>To: address@hidden
>From: "Stonie R. Cooper" <address@hidden>
>Subject: Re: 20021108: Importance of LDM account
>Organization: Planetary Data, Incorporated

Stonie,

> I've been a user of LDM, one way or another, since the early 1990's.
>
> In the old days, it seemed more obvious why the LDM suite of applications
> were sequestered to an "ldm" account.
>
> It doesn't seem so obvious anymore. What is your feeling, or Unidata's for
> that matter, on LDM being treated more like a service (like sendmail or
> apache) where root owns the ldm tree, and the group is set to a common
> met-apps group - like "data"?

I think running the LDM system as root would invite security problems. Each decoder process would be run as root, and getting the right EXEC line in the pqact.conf configuration file would be enough to compromise a system. Running the crufty old shell script which is "scour" as root could easily delete more than was intended, if an error were made in the scour configuration file.

When you design things to be run as root, you have to take a lot more care in checking for security problems and the consequences of mistakes than when you are protected by running as a pseudo-user such as "ldm". I don't see the benefits to be gained by running as root that would balance the costs of redesigning everything with security in mind.

--Russ

_____________________________________________________________________

Russ Rew                                         UCAR Unidata Program
address@hidden                     http://www.unidata.ucar.edu
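
The point made in the reply above, that EXEC entries in pqact.conf inherit whatever account the LDM runs under, can be turned into a start-up check. The following is an added example, not part of the original message and not LDM code; the function names, the sample file and the assumed pqact.conf layout (whitespace-delimited fields, `#` comments) are assumptions.

```shell
#!/bin/sh
# Added example; function names and the sample file are hypothetical.
# Assumed pqact.conf layout: whitespace-delimited fields, the action keyword
# (EXEC, FILE, ...) as its own field, and '#' starting a comment line.

# Print the number of non-comment lines that carry an EXEC action.
count_exec_entries() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Ec '(^|[[:space:]])EXEC([[:space:]]|$)' || true
}

# Succeed if the file is writable by group or others (mode chars 6 and 9).
is_loosely_writable() {
    case "$(ls -ld "$1" | cut -c6,9)" in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

# preflight UID CONF: print findings; return non-zero if any check fails.
preflight() {
    uid=$1; conf=$2; rc=0
    n=$(count_exec_entries "$conf")
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: uid 0: $n EXEC entries in $conf would run as root"
        rc=1
    fi
    if is_loosely_writable "$conf"; then
        echo "FAIL: $conf is writable by group or others"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: uid=$uid, $n EXEC entries, $conf not group/other writable"
    fi
    return "$rc"
}

# Constructed sample configuration (not taken from a real site).
sample=$(mktemp)
printf 'ANY\t^(.*)\n\tEXEC\tutil/notify \\1\n# EXEC disabled\nWMO\t^SA\n\tFILE\tdata/sa.txt\n' > "$sample"
chmod 644 "$sample"

preflight "$(id -u)" "$sample" || true   # as the invoking user
preflight 0 "$sample" || true            # what the check reports for root
```
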