[rt-users] Couple of RT questions

Anil Madhavapeddy anil at recoil.org
Fri May 5 06:43:16 EDT 2000


Hi all,

I've finished deploying RT-1 for my company sysadmins to organise
themselves with, and it's been a resounding success ... thanks again
to you guys for this product!

A couple of questions I have:

o There doesn't appear to be any command-line security (anyone
  who has access to execute the command can manipulate the queues).
  I tried chmod-ing the suid_wrapper to not allow global execution,
  but then the web-server fails to execute it.

  Would changing the group to the webserver's group and allow group 
  execution be sufficient to secure this off, or is it vital that 
  the commands to be executed by anyone?

  My mail daemon is exim, and so I am circumventing the suid_wrapper
  as suggested by the exim instructions in the contrib directory.

  I assume that the authentication is the responsibility of the UI,
  is that correct?

o When using the web interface, I try to bookmark some locations
  (such as the direct ticket display, or a predefined queue view).
  However, if I try to access that before I authenticate, the 
  authenticate screen comes up, but after authentication it reverts
  to the default queue view.

  Requesting the URL again after successful authentication results
  in the correct screen being displayed, but I'm wondering why it
  doesn't work directly ?

Thanks,
Anil





More information about the rt-users mailing list