Re: question/suggestion



I guess I didn't make that too clear.  

For 1 I agree as with both you and the other gent who
replied, and in a professional setting I would NEVER
EVER install this tool on there.  (though there are
those who would and I work for a company that is
producing a CIM web-based remote administration tool. 
 

However, my setting is a small 4 system network... 1
my wifes windows box (which sometimes I use because
its in the living room), 2 my workstation, 3 my ip
masquarader hooked up to the cable and 4 my database
server.  Everything I'm doing is to e behind the
masquarade so to speak.

Why I think this would be good for linux/gnome, is
that in mind that corporate IT enviroments really
don't do real security (I've worked at places that had
hundreds of programmers with administrative access to
the source code control database because they didn't
understand security concepts) and prefer easy to good
(explanation for windows in the marketplace and visual
basic), I think this could be a really good rope to
offer even if people hang themselves with it.

The idea is 1> yes something (small foot printed) will
have to run on the remote box.  2> Yes you could
telnet or remote shell, but I'm thinking more of the
"next-generation users of linux" the people who will
be amazed that they can do "find . -iname * -exec
something" from a shell script but will probably look
for a gui tool anyway.  3> I'm thinking of myself when
I'm feeling lazy (my explanation for using guis ever)
and 4> there are new tools coming out every day for
linux, I can NEVER remember all of the command line
interfaces and lets face it, opensource software IS
better, opensource documentation sucks the big one (in
general, there are shining lights), If there is a gui
at least I can find out what the thing does, and then
maybe learn to hack the config file or command line
interface.

The general idea is some sort of user context tool
that lets me bring up say gno-rpm against another
system under a specific user context, this should be
some sort of graphical and utility library available
to all aplications that choose to use it.  The
requisite is I'd probably have to install "little
listener/info service that hackers will probably rape
your system through" on the remote machine.  Anal
administrators like me don't install these things on
critical systems, but might on non-critical systems.  

Why not install X?  Because I'd have to buy lots more
memory and processors for the remote system, where
something like this should have a fairly low
bandwidth.  And secondly, have you ever tried to use X
on a poorly administered or large network?  (most
corporate IT networks fall into one or the other)...  

A not-quite complete example of this kind of tool
would be Microsoft MMC, Tivoli, anything based on CIM.
 What I would say is provide this in context and let
every tool be a universal management tool
(potentially).

-ACO
--- Gordon Messmer <yinyang@eburg.com> wrote:
> 
> On Sun, 6 Aug 2000, Andrew Oliver wrote:
> 
> > 1. Ability to open windows with different
> > context/context managers
> 
> Might be a good idea, but it might also require
> another SUID root
> binary.  The fewer of those I have on my system, the
> better I feel.
> 
> I can only really see developers needing to do lots
> of testing, and for
> them, the best options are probably a nested X
> server of one type or
> another.  XFree86-Xnest or Xvnc are good options.
> 
> > 2. Cross-machine context.
> > 2. Mainly this would help administrators.  I for
> one
> > HATE installing X on a real server!  Secondly I
> loathe
> > installing X on a firewall/router type server.  It
> > WOULD be nice however to somehow run software
> against
> > that machine.
> 
> You don't want to install the X server, or you don't
> want to install the X
> libraries?  _Something_ has to be installed on that
> machine you want
> remote access to. If, for instance, you want a GUI
> configuration tool for
> the config files, you're either going to have to
> install Xlibs, gnome
> libs and the GNOME tool to edit the files, or you're
> going to have to
> install some kind of specialized server to modify
> those files and
> interface with your GUI system.  That server is
> going to open up more
> ports, and become another point of attack.  From a
> security standpoint,
> SSH and some tools that aren't SUID root are a much
> better way to go, even
> if they're a few more MB in size.
> 
> > it would be nice to just open a capplet or
> > control-panel or whatever under root@linux1 (from
> > linux2)
> 
> ssh root@linux1 mohawk
> 
> Should get you a secure, possibly compressed,
> session to do what you
> want. (Mohawk is the name of the upcoming apache
> config tool, isn't it? I
> don't recall, exactly)
> 
> MSG
> 
> 
> 
> _______________________________________________
> gnome-devel-list mailing list
> gnome-devel-list@gnome.org
>
http://mail.gnome.org/mailman/listinfo/gnome-devel-list


__________________________________________________
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]