Maybe it's time to get rid of tcpwrappers/tcpd?

Reindl Harald h.reindl at thelounge.net
Mon Mar 24 12:06:28 UTC 2014



On 24.03.2014 12:57, Nicolas Mailhot wrote:
> On Sat, 22 March 2014 01:20, Miloslav Trmač wrote:
> 
>> The RHEL documentation, apart from fully describing the abilities,
>> specifically describes two uses: a ftpd banner
> 
> Surprisingly, ftp is still widely used enterprise-side, because ssh is
> giving too much access

no, it is easy to restrict ssh to ONLY sftp and chroot and with
simple bind-mounts you can completely replace ftp, doing that here
in production over years with 3 simple scripts

[root@localhost:~]$ mount | grep sftp-homes | wc -l
168

* create and maintain the mountpoints from the backend
* mount all bind-mounts at boot
* unmount them before shutdown
* internally you can use the same for userbased smb shares

that's why i go that angry by the broken coreutils "df"
behavior which now luckily no longer lists all bind-mounts
but is still a mess and nobody cares

https://bugzilla.redhat.com/show_bug.cgi?id=1042840
https://bugzilla.redhat.com/show_bug.cgi?id=1001092#c12
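
An sftp-only chroot with bind-mounts of the kind described in this message, as an added example that is not part of the original post and not the poster's scripts. The group name "sftponly", the map format "user:/absolute/source:subdir" and the function names are assumptions; only the /sftp-homes base is taken from the mount output above.

```shell
#!/bin/sh
# Added example, not the poster's scripts. Assumptions: group "sftponly",
# chroot base /sftp-homes/<user>, map lines "user:/absolute/source:subdir".

# sshd_config stanza: members of the group get chrooted SFTP only.
sshd_stanza() {
  cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /sftp-homes/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# sshd refuses a chroot unless every path component is root-owned and
# not writable by group or others; check that before enabling a user.
chroot_ok() {
  case "$1" in /*) d=$1 ;; *) return 1 ;; esac
  while :; do
    meta=$(stat -c '%u %A' "$d" 2>/dev/null) || return 1
    [ "${meta%% *}" = 0 ] || return 1
    case "${meta#* }" in ?????w*|????????w*) return 1 ;; esac
    [ "$d" = / ] && return 0
    d=$(dirname "$d")
  done
}

# Read map lines on stdin, print one "mount --bind" command per valid line.
# Invalid entries are skipped with a message on stderr.
bind_plan() {
  base=$1
  while IFS=: read -r user src sub; do
    case "$user" in ''|\#*) continue ;; esac
    case "$user" in -*|*[!a-z0-9_-]*) echo "skip: bad user '$user'" >&2; continue ;; esac
    case "$src" in /*) ;; *) echo "skip: relative source for $user" >&2; continue ;; esac
    case "$src" in *..*|*[!A-Za-z0-9/._-]*) echo "skip: unsafe source for $user" >&2; continue ;; esac
    case "$sub" in ''|.*|*[!A-Za-z0-9._-]*) echo "skip: unsafe subdir for $user" >&2; continue ;; esac
    printf 'mount --bind %s %s\n' "$src" "$base/$user/$sub"
  done
}
```

bind_plan only prints the commands, so the plan can be reviewed before it is piped to a root shell at boot; chroot_ok relies on GNU stat.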

