[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Importance of LDM account.

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

Subject: Re: Fwd: Importance of LDM account.
Date: Tue, 12 Nov 2002 17:43:42 +0000

Russ,

Thanks!  Security is the big issue . . . the decoders/* calls are the only 
ones I have not dealt with to run as a service as opposed to running in user 
space (i.e. ldm); we've long since replaced scour as it was a hazard early on.

But you answered the main thing - which is the philosophy of UNIDATA; we want 
all of our installations to look as much like a straight LDM installation as 
possible, and in keeping with that, we'll continue using an LDM account.

Stonie

On Tuesday 12 November 2002 17:18, Russ Rew wrote:
> >To: address@hidden
>
> From: "Stonie R. Cooper" <address@hidden>
>
> >Subject: Re: 20021108: Importance of LDM account
> >Organization: Planetary Data, Incorporated
>
> Stonie,
>
> > I've been a user of LDM, one way or another, since the early 1990's.
> >
> > In the old days, it seemed more obvious why the LDM suite of applications
> > were sequestered to an "ldm" account.
> >
> > It doesn't seem so obvious anymore.  What is your feeling, or Unidata's
> > for that matter, on LDM being treated more like a service (like sendmail
> > or apache) where root owns the ldm tree, and the group is set to a common
> > met-apps group - like "data"?
>
> I think running the LDM system as root would invite security problems.
> Each decoder process would be run as root, and getting the right EXEC
> line in the pqact.conf configuration file would be enough to
> compromise a system.  Running the crufty old shell script which is
> "scour" as root easily delete more than was intended, if an error were
> made in the scour configuration file.  When you design things to be
> run as root, you have to take a lot more care in checking for security
> problems and the consequences of mistakes than when you are protected
> by running as a pseudo-user such as "ldm".  I don't see the benefits
> to be gained by running as root that would balance the costs of
> redesigning everything with security in mind.
>
> --Russ
>
> _____________________________________________________________________
>
> Russ Rew                                         UCAR Unidata Program
> address@hidden                     http://www.unidata.ucar.edu

-- 
Stonie R. Cooper
Planetary Data, Incorporated
ph. (402) 782-6611
"Growth for the sake of growth is the ideology of the cancer cell."
  - Edward Abbey

References:
- Re: Fwd: Importance of LDM account.
  - From: Russ Rew

Prev by Date: Re: Fwd: Importance of LDM account.
Next by Date: 20021112: dmraob.k and dmsyn.k hanging on weather2; LDM memory leak (cont.)
Previous by thread: Re: Fwd: Importance of LDM account.
Next by thread: 20021112: dmraob.k and dmsyn.k hanging on weather2; LDM memory leak (cont.)
Index(es):
- Date
- Thread