From 646b92e39c7b46b706de364c2d1d22c7849e5036 Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Wed, 29 Oct 2014 15:17:21 -0700 Subject: pinyadmin: bash -r -> ksh -r because the bash people apparently like to deprecate security features without bothering to tell anyone --- docs/architecture/needed_admin_infrastructure.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/architecture/needed_admin_infrastructure.mdwn') diff --git a/docs/architecture/needed_admin_infrastructure.mdwn b/docs/architecture/needed_admin_infrastructure.mdwn index 59365c2..f6a3831 100644 --- a/docs/architecture/needed_admin_infrastructure.mdwn +++ b/docs/architecture/needed_admin_infrastructure.mdwn @@ -1,6 +1,6 @@ - DONE: HTTP AUTH from PAM through the magic of mod-auth-pam - DONE: HTTP access from /etc/group through the magic of mod-auth-sys-group -- DONE: Shell security through rbash and privilege escalation security (for mkwiki, mkuser, etc) through sudo +- DONE: Shell security through a restricted shell and privilege escalation security (for mkwiki, mkuser, etc) through sudo - DONE: Guaranteed namespace coherence with the vhosting of cgi, secure, and normal with the aid of a wildcard SSL certificate - TODO: Work out how to pass mailing list emails around. Probably either ssh or vserver namespace magic. - DONE: manual [[setup file overrides]], /etc/ikiwiki/piny/$reponame.setup.pl, included directly with 'do' before dumping state. -- cgit v1.2.3