On Sat, December 2, 2006 4:59 pm, Stewart Stremler wrote:
> begin quoting Lan Barnes as of Sat, Dec 02, 2006 at 04:12:21PM -0800:
>> On Sat, December 2, 2006 8:26 am, Stewart Stremler wrote:
> [snip]
>> > When has a security person ever been able to trust a corporate user?
>> >
>> > Sure, they can trust _some_, but they have to set a policy, and the
>> > policy has to work for _all_ of their users. Including the idiotic
>> > ones, or the forgetful ones ( who walk away from their terminal ), etc.
>>
>> But here's my problem. If the password is in the expect script, then they
>> have to trust the users to lock up read on the script.
>
> And you can't lock up read access on a script, as you have to read a
> script to execute it, at least on a *nix platform.
>

Hmm ... 700 for user root seems pretty tight to me. If anyone can read it,
you've got security problems that transcend reading a password.

--
Lan Barnes

Tcl/Tk Enthusiast SCM Analyst Linux Guy Biodiesel Brewer

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-lpsg
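The permission setup discussed in this thread (a script holding a password, owned by root, mode 700) can be audited with a short shell function. This is an added example, not part of the original message; the function name `audit_secret_script` is hypothetical and GNU coreutils `stat -c` is assumed. It goes one step past the message by also checking the containing directory, since a directory writable by others lets the script be swapped out even when the file itself is 700.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils stat.
# audit_secret_script FILE [UID]
#   Returns 0 when FILE is owned by UID (default 0, root), carries no
#   group/other permission bits, and sits in a directory that group/other
#   cannot write to (or that has the sticky bit set).
#   Returns 1 and prints each finding otherwise; 2 if FILE is not a file.
audit_secret_script() {
    file=$1
    want_uid=${2:-0}
    rc=0
    if [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 2
    fi
    mode=$(stat -c '%a' "$file")     # octal mode, e.g. 700
    uid=$(stat -c '%u' "$file")      # numeric owner
    dir=$(dirname "$file")
    dmode=$(stat -c '%a' "$dir")

    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # Any bit in 077 gives group or other read, write or execute access.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$file: mode $mode grants access beyond the owner"
        rc=1
    fi
    # Group/other write on the directory allows rename or replace of the
    # script unless the sticky bit (01000) restricts that to file owners.
    if [ $(( 0$dmode & 022 )) -ne 0 ] && [ $(( 0$dmode & 01000 )) -eq 0 ]; then
        echo "$dir: mode $dmode lets non-owners replace the script"
        rc=1
    fi
    return $rc
}
```
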
