[IRCServices] Services 4.5pre2 released
Andrew Church
achurch at achurch.org
Mon Feb 5 07:48:54 PST 2001
>You mean there isn't a safeguard on the root nick pw? Shows how much I pay
>attention. Looks like I'll be rotating my password more often till there is.
One thing you need to do less of is listen to rumors and RTFM more.
>From the README:
> In an effort to prevent highly privileged accounts being compromised
>by the use of commands available to other highly privileged accounts,
>Services limits the use of certain commands reserved for Services admins.
>Services admins can not use the commands GETPASS, SET PASSWORD, FORBID or
>DROP on another Services admin. Only the Services root has these
>abilities.
Of course, if they SU (which means they know the password, which means YOU
gave it to them) then they can get passwords. Which brings me to my other
point:
For God's sake, people, TAKE SOME RESPONSIBILITY ALREADY! Or don't
be an administrator, if you can't handle giving out privileges
responsibly. YES, if you allow other people root privileges they can
wreak havoc with Services. That's the WAY THINGS ARE. If you don't like
that then don't set a password for crying out loud.
>Will there be a way to disable the SU command?
RTFM and/or see above; there already is. I don't even know why I'm
replying to this.
--Andrew Church
achurch at achurch.org | New address - please note.
http://achurch.org/ | $B%a!<%k%"%I%l%9$,JQ$o$j$^$7$?!#(B