#7606 NORM xs-0.4: Confine DS-backup ssh+rsync
Zarro Boogs per Child
bugtracker at laptop.org
Tue Aug 12 02:04:34 EDT 2008
#7606: Confine DS-backup ssh+rsync
------------------------------+---------------------------------------------
Reporter: martinlanghoff | Owner: douglas
Type: enhancement | Status: assigned
Priority: normal | Milestone: xs-0.4
Component: school server | Version: not specified
Resolution: | Keywords: ds-backup
Next_action: never set | Verified: 0
Blockedby: | Blocking:
------------------------------+---------------------------------------------
Changes (by martin.langhoff):
* cc: martin.langhoff (added)
Comment:
Hi Chris - for now at least...
- There's nothing in the XS for kids that can be used via shell.
- XS provides infrastructure, so we don't want them to experiment with it
as they are likely to unknowingly mess up everyone's access.
- The "admins" of the machine are the NOC, not the teacher, so it is fair
to assume that they know linux.
- We hand out an account to anyone who does an XML-RPC dance with us.
With the last point in mind, I want to limit the access that a user
created with a weakly authenticated mechanism has. Privilege escalation
bugs are a serious concern.
If we later provide facilities to be explored via shell, we'll revisit
this. In the meantime, they have their own Linux machine to play with,
with the advantage that if a kid messes up, it only affects that kid and
his/her files are hopefully backed up so can be retrieved after a reflash.
--
Ticket URL: <http://dev.laptop.org/ticket/7606#comment:7>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
More information about the Bugs
mailing list