[LDM #EKK-941581]: LDM 6.9.0.6 password/security ramification issues?
- Subject: [LDM #EKK-941581]: LDM 6.9.0.6 password/security ramification issues?
- Date: Mon, 29 Nov 2010 14:03:15 -0700
Tyler,
> Some more discussions with Gilbert this morning and with the input of
> his vast knowledge as an LDM admin and Unidata supporter....I have
> come to realize that Unidata may in fact presume that the person doing
> the install does in fact have root level privileges.
No such assumption is made. If the LDM user can't access root privileges, then
the installation will be no worse off than before. The command "make
root-actions" will have to be executed later by root. That's all. When the
configure(1) script asks for the root password, just enter nonsense.
> My experience in
> the IT field has taught me that this is a _very_ bad assumption,
> especially outside the confines of academia, but let us assume that we
> have to move forward without changing this belief system.
>
> Root level privileges come in at least two flavors:
> 1. knowledge of the actual root password
> 2. access to root level permissions without knowledge of the password (eg:
> sudo)
>
> Pre 6.9x installations work under either of the above conditions.
>
> Post 6.9x installations do not (given the description of the process by
> Gilbert)
>
> It is condition #2 above that I am cautioning against eliminating as
> an install method. Knowledge of the actual root password should
> _never_ be a pre-condition of installing any software unless it has
> direct implications to the OS or kernel (installation of drivers,
> etc).
>
> If LDM is no longer going to allow non-root level permission
> installations (we can argue that later over beer sometime), then
> installation should be done _AS_ the root user. Who cares how the
> person obtained root level permissions? Run the installation scripts
> as root. chown/chmod/chgrp to lower privileged accounts (eg: ldmuser)
> as needed.
>
> - It eliminates the unnecessary and potentially dangerous requirement
> to type in the root password to a script
> - It forces the installation of LDM in an environment that support-ldm
> expects (root level privileges)
> - It will work under any condition in which root level privileges can
> be obtained. password, sudo, su, etc
>
> -Tyler
Regards,
Steve Emmerson
Ticket Details
===================
Ticket ID: EKK-941581
Department: Support LDM
Priority: Normal
Status: Closed
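
The following shell wrapper is an added example, not part of the original messages and not LDM's own installer code. It shows one way to run the privileged step discussed in this thread without the script ever reading a root password. The function names `root_actions_cmd`, `have_sudo` and `run_root_actions` are hypothetical; `make root-actions` is the target named in the reply above.

```shell
#!/bin/sh
# Added example: run the privileged install step through whichever root
# route the caller already has, never by collecting a password in the script.

# root_actions_cmd UID HAVE_SUDO
# Prints the command line for the privileged step, or nothing when the
# account has no route to root and the step must be deferred.
root_actions_cmd() {
    if [ "$1" -eq 0 ]; then
        # Already root (logged in as root, su, or a root shell from sudo).
        echo "make root-actions"
    elif [ "$2" = yes ]; then
        # sudo authenticates the caller on the terminal with the caller's
        # own credentials; the script never sees them.
        echo "sudo make root-actions"
    fi
}

# have_sudo: prints "yes" if a sudo binary is on PATH, otherwise "no".
# Presence alone does not prove authorization; sudo decides that when run.
have_sudo() {
    command -v sudo >/dev/null 2>&1 && echo yes || echo no
}

# run_root_actions: run the step now if possible, otherwise tell the
# operator what is left for an administrator to do.
run_root_actions() {
    cmd=$(root_actions_cmd "$(id -u)" "$(have_sudo)")
    if [ -z "$cmd" ]; then
        echo "No root access from this account." >&2
        echo "Have an administrator run 'make root-actions' later." >&2
        return 0
    fi
    # $cmd is one of the two fixed strings above, so word splitting is safe.
    if ! $cmd; then
        echo "'$cmd' failed; run 'make root-actions' as root later." >&2
        return 1
    fi
}
```

Calling `run_root_actions` from the build directory after the unprivileged build covers both flavors of root access listed in the quoted message and falls back to deferring the step when neither is available.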