From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <25413ef6390cc3ab161c15b360c15427@bellsouth.net>
To: 9fans@9fans.net
Date: Sun, 17 Oct 2010 16:40:00 -0400
From: blstuart@bellsouth.net
In-Reply-To: <621112A569DAE948AD25CCDCF1C075332999FE@dolly.ntdom.cupdx>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] permissions
Topicbox-Message-UUID: 6891f3e2-ead6-11e9-9d60-3106f5b1d025

> Chicken-and-egg, just like you said.  Of course, that lands us in the current
> situation, where you can't tweak things such that 100% of all administration
> activities can be performed remotely via drawterm... for some stuff like setting
> up disks, one still has to use the local physical terminal.

That starts to get into almost philosophical security issues.
To some extent I consider this a good thing.  Physical access
is the ultimate privilige, so you need to physically protect
your data to the extent that it's worth to you.  If you've
got physical protection anyway, then making physical access
be required to do potentially destructive administration
means you only one one avenue of compromise instead of
physical and network.

Having said that, because I have a combined CPU/auth/file
server, I can, and sometimes do, cpu into it as the host
owner and do administrative things that way.

BLS