[TAG] (forw) Re: (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1
keesan at grex.cyberspace.org
Mon Jan 29 06:36:27 MSK 2007
On Sun, 28 Jan 2007, Rick Moen wrote:
> Quoting Sindi Keesan (keesan at grex.cyberspace.org):
> [running routinely as root:]
>> So it is not obvious.
> Please understand I have nothing particularly to gain from convincing
> you, so basically you're going to have to figure this out on your own.
> You might wish to read "Firewalls" on http://linuxmafia.com/kb/Security/,
> which links to the complete 1994 book text of Cheswick & Bellovin's
> classic "Firewalls and Internet Security: Repelling the Wily Hacker",
> first edition, which explains basic principles of security such as why
> you want to always run processes with the minimum possible authority.
>> I don't have enough background to understand 99% of what is in manpages
>> starting with the vocabulary, and this one was about 100 pages long.
> _Obviously_ you don't read the whole thing. Looking up and
> understanding the options I cited would take you all of 15 minutes.
But I don't understand the words they are using to explain the concepts.
The only computer course I ever took was Fortran IV. I will try to start
with some basic reading. I am not trying to be a system administrator,
just to put together something I can use myself.
>>> You should re-read the explanation of why scanning a host from itself
>>> would normally be pointless.
>> I tried to scan from a website
> That would be pointless for two different reasons: (1) Results would
> often be inherently meaningless because of port-blocking, proxying,
> etc., between you and the Web site. (2) You have no control or
> knowledge of how they're implementing their scans, and cannot know
> whether what they're doing is meaningless junk -- as is generally the
> case, with, e.g., Gibson Research's "Shields Up" site, for example.
If I cannot scan from my own computer or while online, how do I scan?
>> Our linux was designed to be used as root.
> Which is a bad design, ab initio. Again, I have nothing to gain from
> convincing you of this. However, I _can_ avoid wasting my time helping
> you tweak a setup I regard as misbegotten in the first place.
>> Is this discussion online so other users of our linux can read it and
> Ben would have to explain to you why our mailing list archive isn't
> accessible to the general public, since for the life of me I cannot.
Okay. If you want to read our discussions of nmap and security bugs
search on basiclinux archives for Jan 2007.
More information about the TAG