On Fri, Jul 2, 2010 at 11:19 AM, Arthurpeck <[email protected]> wrote:
> I think I want to make root the owner and set perms to 600. Two questions,
> will that work? And is that a good idea?

It won't work with the normal Solaris TFTP server. It runs with user ID "nobody" and only allows clients to read files that are world-readable, so root+0600 will prevent those files from being read by the TFTP server. nobody+0600 would let the server read the files but it would then refuse to deliver them to the clients that need them. The Linux TFTP server behaves the same way by default but has some options (-p, -u) that can modify that behaviour slightly.

If you wanted to do this then 'root' wouldn't be a good choice for the user ID because then you'd have to run the TFTP server as root and that's an unnecessary risk. A better option would be to define a new user account to be used only by the TFTP server and chown the files to that user.

Of course the files will still be retrievable by anyone who can connect a TFTP client to this server. This is why if you ever need to offer sensitive data to a DTU via TFTP you must do it over an isolated and physically secure subnet from a system that does not allow TFTP to other subnets (and, if the files are generally readable, the system should allow login access only to trusted users).

OttoM.
__
Disclaimer: I am employed by Oracle. The statements and opinions expressed here are my own and do not necessarily represent those of Oracle Corporation.

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
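
An added example, not part of the original message: a small audit of a TFTP root that applies the rule described in the reply above to each file's mode and owner. The function names, the sample file names and the `daemon_uid` parameter are assumptions made for illustration, and group permissions are ignored for simplicity.

```python
import os
import stat
import tempfile

def classify(mode, owner_uid, daemon_uid):
    """Apply the rule from the message to one file's mode and owner."""
    if mode & stat.S_IROTH:
        return "served"                # world-readable: any client can fetch it
    if owner_uid == daemon_uid and mode & stat.S_IRUSR:
        return "refused_by_server"     # daemon can read it, but it is not world-readable
    return "unreadable_by_daemon"      # e.g. root-owned 0600 with the daemon as "nobody"

def audit_tftp_root(root, daemon_uid):
    """Return {relative_path: (mode_string, verdict)} for regular files under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices and other non-regular entries
            rel = os.path.relpath(path, root)
            verdict = classify(st.st_mode, st.st_uid, daemon_uid)
            report[rel] = (stat.filemode(st.st_mode), verdict)
    return report

def demo():
    """Audit a constructed TFTP root twice: daemon owns the files, then it does not."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files; names and contents are made up.
        for name, mode in (("firmware.bin", 0o644), ("dtu.conf", 0o600)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        me = os.getuid()
        return audit_tftp_root(root, me), audit_tftp_root(root, me + 1)

if __name__ == "__main__":
    as_owner, as_other = demo()
    for label, report in (("daemon owns files", as_owner), ("daemon is another user", as_other)):
        for rel, (mode, verdict) in sorted(report.items()):
            print(f"[{label}] {mode} {rel}: {verdict}")
```

Every file reported as `served` is retrievable by any host that can reach the TFTP port, so that list is the one to review for sensitive content.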
