root / pykota / trunk / SECURITY @ 1328

Revision 1267, 4.6 kB (checked in by jalet, 21 years ago)

Clarification.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1# $Id$
2
3PyKota - Print Quota for CUPS and LPRng
4
5(c) 2003-2004 Jerome Alet <alet@librelogiciel.com>
6This program is free software; you can redistribute it and/or modify
7it under the terms of the GNU General Public License as published by
8the Free Software Foundation; either version 2 of the License, or
9(at your option) any later version.
10
11This program is distributed in the hope that it will be useful,
12but WITHOUT ANY WARRANTY; without even the implied warranty of
13MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14GNU General Public License for more details.
15
16You should have received a copy of the GNU General Public License
17along with this program; if not, write to the Free Software
18Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
19
20====================================================================
21
22  These recommandations are there because as of April 28th 2003
23  PyKota doesn't enforce them. You may or may not follow them,
24  depending on your user's IT knowledge, how much your trust them,
25  etc...
26 
27====================================================================
28
29How to improve PyKota's security :
30----------------------------------
31
32  - Most of the stuff which was there was deleted because PyKota's
33    configuration files permissions should take care of most
34    security problems. BUT of course, you have to set them correctly !
35   
36  - Secure your printer : 
37 
38    Tell it to refuse any print job not coming from your print
39    server.
40   
41    Don't give shell access to your users on your print server,
42    or don't let them execute unauthorized commands : they could
43    very well compile and execute tools like NetCat, and send
44    datas directly to the printer in the case the printer is
45    networked, thus bypassing the printing system and PyKota.
46   
47  - Ensure that no regular user can read PyKota administrator's
48    configuration file, but that both the print quota administrator and
49    the user the printing system is run as can read it. Depending on
50    your system's configuration, this may give something like :
51   
52      $ chown lp.lpadmin /etc/pykota/pykotadmin.conf
53      $ chmod 640 /etc/pykota/pykotadmin.conf
54   
55    If the print quota administrator is root then he will always be
56    able to read PyKota's configuration file.
57   
58    Letting any user read PyKota administrator's configuration file may
59    expose passwords or database information which would allow write
60    access to the database, and so may transform your print quota
61    management in a nightmare.
62 
63    If you want to let users generate their own print quota reports,
64    then ensure that /etc/pykota/pykota.conf is readable by
65    everyone, but writeable only by the root user :
66   
67      $ chown root.root /etc/pykota/pykota.conf
68      $ chmod 644 /etc/pykota/pykota.conf
69     
70    NB : If you use the printquota.cgi CGI script, ensure that
71         the user this script is run as (e.g. nobody or www-data)
72         can read PyKota's configuration file /etc/pykota/pykota.conf
73         BUT can't read PyKota administrator's configuration file
74         /etc/pykota/pykotadmin.conf
75         Refer to Apache's documentation for details.
76 
77  - Secure your database connection :
78 
79    Depending on the database backend used, either PostgreSQL or
80    OpenLDAP, you may have to take additionnal measures to render
81    your database more secure. Please refer to your database system's
82    documentation on configuration to learn how to do so. This is out
83    of the scope of the present document which will only give basic
84    informations.
85   
86    Keep in mind that if you use a centralized database, you may have
87    to restrict which hosts can access to it (i.e. the Print Servers).
88   
89    For the PostgreSQL backend, PyKota already defines a user with
90    read/write access and another user with read-only access to
91    the Print Quota Database. PyKota doesn't set any passwords
92    for these users though, but doing it is recommanded, and
93    explained elsewhere in PyKota's documentation.
94   
95    For the OpenLDAP backend, YOU have to ensure that no regular
96    user can write to any PyKota specific attribute or objectClass.
97    Otherwise they could modify their quota at will.
98   
99    You also have to define two binding DNs in your LDAP tree,
100    one of them should be able to have a read only access to
101    everything. The other one should be able to write, for
102    example your LDAP admin user is fine for this.
103    Now put the readonly user in /etc/pykota/pykota.conf
104    and the read-write one in /etc/pykota/pykotadmin.conf
105   
106====================================================================
Note: See TracBrowser for help on using the browser.