[squid-users] protect squid.conf file
Yuri Voinov
yvoinov at gmail.com
Fri Jul 22 20:26:35 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
23.07.2016 2:22, Antony Stone пишет:
> On Friday 22 July 2016 at 22:14:36, Yuri Voinov wrote:
>
>> 23.07.2016 2:04, Antony Stone пишет:
>>>
>>> How does this help?
>>
>> Yes, this is idiotic idea :)
>
> Hehe :)
>
>>> If you do not trust people with root access to your machine:
>>>
>>> a) you have lost control
>>
>> Root must be only one (c) :) As I've said.
>
> Well, only one, or at least only the "inner circle"...
>
>> BTW, what secrets can be in squid.conf? :)
>
> Yes, I've wondered (and asked) this too...
>
> Mr. Alzaeem hasn't yet told us why he finds the chmod/chown solution
to be
> inadequate, either.
>
>> ACL's? Just interesting.
>> Custom binary code is another thing, but config(s)?! Hmmmmmmmmmm........
>> Wrong something in the state of Denmark .....
>
> I would very much like to know what Ahmad (Ahmed? - the spelling
differs on
> different emails...) thinks is so sensitive about the contents of his
> squid.conf, especially against users to whom he has given SSH access
to his
> server.
The only really sensitive thing I can see is cachemgr password, which
can be used to stop/reload/etc squid's. But that's all sensitive.
>
>
>
> Antony.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXkoF6AAoJENNXIZxhPexG0e4IAIaYl5DkyCwmKqCkEsPTK6un
48D516vlo2A5H/2yapFbXkGonLOQ3B6NtiUu+KTba5SGj+gDHPBDLqvUy/OShfhC
/aTTx1LOF8JqGMG78jTpBbJeseisq3wyyw3hv8Cd+Ogq4egHtXdGzbFCn6iH18bo
af/YOQbRxpQgctTM9qZuUqR2HQhGiIuv8Y+0q7BDWZQfcsQ2ztaQ/LEvlyQSbeMl
GJg4oXOOb3g9sZ6pASjEvVbzWSigbSwgKipMtr/uzCMniOjJCMhpbmFIPej99Wsz
NkvlEY9UniyVOoCDoFKQBE/umzNdS1edPyZzVYJwwysvX4R96pa8ROV6Uam4TnE=
=YlJ9
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160723/4d9c4cae/attachment.key>
More information about the squid-users
mailing list