Now I am going to provide a wrapped interface based on staf to allow dozens
of people to invoke process on remote host and copy files/directories among
remote hosts. For users want to run program as their own's account, staf is
installed as root account that can invoke processes as account specified by
user . But installing staf as root has a huge risk of security. Users may
use staf to run a harmful command or copy some dangerous files to remote
To resolve process service's risk, I can add a restriction to my interface
that user must specify an account and must not be root. But when it come to
fs service, for copy opreations may execute on remote host, it's not easy to
check if user have access to destination location. So I am thinking about if
I should develop a mechanism to add security check for fs service. Does
anybody have some suggestion for me?
Get latest updates about Open Source Projects, Conferences and News.