response 3 of 24:
Oct 23 19:41 UTC 2008
resp:1 A big chunk of the discussion in the Tuesday night board meeting
was, in fact, newuser; I'd even go so far as to say that discussion about
newuser comprised the majority of the meeting.

As TS noted in resp:2, we are, in fact, using a new shell for newuser right
now. This is somewhat different from the scheme that Lee proposed to me, but
it was something I did as a stop-gap to stop ongoing attacks.

In a nutshell: New users on Grex no longer get access to an "unrestricted"
Unix shell. Instead, they get something very limited in scope that allows
them to run only a few commands that, for better or worse, can be very tightly
controlled. At the same time, I changed backtalk's authentication mechanism
so that users running that new shell did not have write access to backtalk.
The shell doesn't support running party, tel, write, fronttalk, or picospan,
and thus, new users have essentially no access to party or the conferences.

As I said, this was something of a stop-gap. Moving forward, I'd like to
work up a somewhat more robust mechanism for not just issuing accounts, but
granting higher levels of access to the system. We're working on it; I think
pretty much everyone's on roughly the same sheet of music, both technically
and politically. Lee sent in a pretty specific outline that jibed well with
the general ideas that I and others have been having, so I think we're all
headed in pretty much the same direction. Now, it's just a small matter of
programming.