IKSD from a user account? - Protocols

This is a discussion on IKSD from a user account? - Protocols ; I've been looking into running IKSD as a regular user instead of as root for security reasons. For example like Squid starts up as "root" but runs all its' other processes as user "squid", same with Apache and user "apache". ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: IKSD from a user account?

  1. IKSD from a user account?

    I've been looking into running IKSD as a regular user instead of as
    root for security reasons. For example like Squid starts up as "root"
    but runs all its' other processes as user "squid", same with Apache
    and user "apache". I also want to give incoming connections
    "anonymous" access over some sort of secure tunnel for download
    only. I know about sftp, scp - I don't want those - I want Kermit 95
    or c-kermit on the client side for the robust scripting. I will have
    complete control over the client and server side of this application.

    Is this possible? I've read through what I can find so far on The
    Kermit Project web pages but nothing jumped out that let me know I
    can do this. So, I'll ask here for a URL if this can be done and the
    URL to a HOWTO exists. Of course a concise explanation in the group
    will work as well.

    I did find a post by Jeffrey Altman in a Google Groups search about
    running C-Kermit and then using the "SET SERVER ..." command. That is
    not what I want although I will use it as a last resort.

    TIA!
    Gene (e-mail: gene \a\t eracc \d\o\t com)
    --
    Linux era4.eracc.UUCP 2.4.22-28mdkenterprise i686
    11:04:34 up 237 days, 5:08, 17 users, load average: 0.00, 0.01, 0.00
    ERA Computer Consulting - http://www.eracc.com/
    eCS, OS/2, Mandrake GNU/Linux, OpenServer & UnixWare resellers


  2. Re: IKSD from a user account?

    IKSD does not have any secondary processes. IKSD must be able to
    switch to the userid of the authenticated and authorized user
    in order to access the filesystem as the user. It would certainly
    be possible to re-architect C-Kermit to allow login to be performed
    and then have a user process be kicked off but I am not going to be
    the one to do the work.

    You can always run C-Kermit as an OpenSSH subsystem.

    http://www.kermit-project.org/skermit.html



    ERACC wrote:

    > I've been looking into running IKSD as a regular user instead of as
    > root for security reasons. For example like Squid starts up as "root"
    > but runs all its' other processes as user "squid", same with Apache
    > and user "apache". I also want to give incoming connections
    > "anonymous" access over some sort of secure tunnel for download
    > only. I know about sftp, scp - I don't want those - I want Kermit 95
    > or c-kermit on the client side for the robust scripting. I will have
    > complete control over the client and server side of this application.
    >
    > Is this possible? I've read through what I can find so far on The
    > Kermit Project web pages but nothing jumped out that let me know I
    > can do this. So, I'll ask here for a URL if this can be done and the
    > URL to a HOWTO exists. Of course a concise explanation in the group
    > will work as well.
    >
    > I did find a post by Jeffrey Altman in a Google Groups search about
    > running C-Kermit and then using the "SET SERVER ..." command. That is
    > not what I want although I will use it as a last resort.
    >
    > TIA!
    > Gene (e-mail: gene \a\t eracc \d\o\t com)


    --
    -----------------
    This e-mail account is not read on a regular basis.
    Please send private responses to jaltman at mit dot edu

  3. Re: IKSD from a user account?

    ERACC wrote in message news:<2tsr6nF24redcU1@uni-berlin.de>...
    > I've been looking into running IKSD as a regular user instead of as
    > root for security reasons. For example like Squid starts up as "root"
    > but runs all its' other processes as user "squid", same with Apache
    > and user "apache". I also want to give incoming connections
    > "anonymous" access over some sort of secure tunnel for download
    > only. I know about sftp, scp - I don't want those - I want Kermit 95
    > or c-kermit on the client side for the robust scripting. I will have
    > complete control over the client and server side of this application.
    >
    > Is this possible? I've read through what I can find so far on The
    > Kermit Project web pages but nothing jumped out that let me know I
    > can do this. So, I'll ask here for a URL if this can be done and the
    > URL to a HOWTO exists. Of course a concise explanation in the group
    > will work as well.
    >
    > I did find a post by Jeffrey Altman in a Google Groups search about
    > running C-Kermit and then using the "SET SERVER ..." command. That is
    > not what I want although I will use it as a last resort.
    >
    > TIA!
    > Gene (e-mail: gene \a\t eracc \d\o\t com)


    I'm not sure I understand exactly what you mean, but we use C-Kermit
    on Linux and Unix machines to exchange data (flat ascii files) with
    remote K95 machines. This is a fully scripted exchange, which can be
    initiated by either the scheduler or clicking on an icon at the remote
    end. The login to the *n?x machine is by straight dial-up, by Telnet,
    or SSH (telnet or ssh usually over the open internet.) Login(s) are
    either to a unique user for each remote site or to a system wide user,
    based on customer preference. The login launches c-kermit in server
    mode pointing at the server side exchange directory. The K95 script
    sends and gets selected files, deleting the files on the source end on
    successful transmission. SSH does pretty good security for the
    paranoid. We have been using this basic method since 1991. In the
    early days Unix c-kermit was 300K and Procomm fit on 1 diskette. We
    switched over to K95 to take advantage of SSH, run supported on WXP,
    and get back to single threaded scripts. The dead simple approach
    gives us lots of flexibility and portability and seems to be
    absolutely reliable. Hope this is of some help. Can provide more
    details if you think they would help.
    Regards…Dan.

  4. Re: IKSD from a user account?

    On Fri, 22 Oct 2004 17:23:57 +0000, Jeffrey Altman wrote:

    > ERACC wrote:
    >
    >> I've been looking into running IKSD as a regular user instead of as
    >> root for security reasons. For example like Squid starts up as "root"
    >> but runs all its' other processes as user "squid", same with Apache
    >> and user "apache". [...]

    >
    > IKSD does not have any secondary processes. IKSD must be able to
    > switch to the userid of the authenticated and authorized user
    > in order to access the filesystem as the user. It would certainly
    > be possible to re-architect C-Kermit to allow login to be performed
    > and then have a user process be kicked off but I am not going to be
    > the one to do the work.
    >
    > You can always run C-Kermit as an OpenSSH subsystem.
    >
    > http://www.kermit-project.org/skermit.html


    Hmmm. Ok, I'll look into implementing this. The client is going to
    have about 200 remote locations hitting this over the internet for
    pricing downloads daily. I hope I can do it with this solution. I'd
    really like to get a 200 site license sale for The Kermit Project.
    You guys have been great with solutions to my data x-fer needs over
    the years. ;-)

    Gene (e-mail: gene \a\t eracc \d\o\t com)
    --
    Linux era4.eracc.UUCP 2.4.22-28mdkenterprise i686
    19:21:20 up 238 days, 13:25, 17 users, load average: 0.00, 0.00, 0.00
    ERA Computer Consulting - http://www.eracc.com/
    eCS, OS/2, Mandrake GNU/Linux, OpenServer & UnixWare resellers


+ Reply to Thread