[Bug 472676] Review Request: partimage

bugzilla at redhat.com bugzilla at redhat.com
Wed Nov 26 23:40:52 UTC 2008 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=472676





--- Comment #13 from Paulo Roma Cavalcanti <promac at gmail.com>  2008-11-26 18:40:51 EDT ---

> > > Not sure. Is this something you're adding on, or functionality of the original
> > > code?
> > 
> > I borrowed the idea from Gentoo and Ubuntu. They created this script so people
> > do not need to have a local account on the server. By what I have read about
> > Pam, it can use this scheme. 
> > 
> > # partimaged user database 
> > auth     sufficient   pam_userdb.so db=/etc/partimaged/passwd
> > 
> > But I always get a "password mismatch".
> 
> I'm not sure I like the security implications of this.  This would mean that if
> you run partimage-server on your network, anyone on your network with a Fedora
> LiveCD with this installed can dump images on your server.

Not really. This script has to be run as root on the server. Therefore,
only an administrator can add users. It is like using "pserver" authentication
for CVS. But without any protection, you are right. 

Furthermore, without login enabled (on the server it is just a question of
removing --nologin from/etc/sysconfig/patimage), and using the default port 
(and no firewall), anyone knowing the name of the image can download it. 
I have downloaded in the past a whole fedora image from a server in another
city. It took some time, but worked.  


> 
> > 
> > I added a README.Fedora.html (I chose html, because it has some useful links).
> 
> Good idea.  But rename to partimage.README.html to avoid use of the word Fedora
> and SRPM clobbering.

Done


> 
> Also, for partimaged-certs.cnf, you should mention in the README that this file
> should be customized.  Not everyone is in Rio. :)

Changed the README. 
Also, I changed the name of the default city to Smallville. :)

(I kept the same releae).

Spec: http://orion.lcg.ufrj.br/RPMS/SPECS/partimage.spec

SRPM: http://orion.lcg.ufrj.br/RPMS/src/partimage-0.6.7-3.fc8.src.rpm

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the Fedora-package-review mailing list