[p4] super for remote users?
G. Matthew Rice
matt at starnix.com
Mon Nov 13 15:45:59 PST 2006
"David Alban" <dalban at stubhub.com> writes:
> super group p4admin 127.0.0.1 //...
> Do you think allowing super only on localhost is too restrictive /
> paranoid? Should folks in p4admin have super from remote hosts too?
I don't think that it's too paranoid.
As an admin and a developer, I make certain that I can't accidentally do a
'p4 admin stop' while working (well, that's an extreme example but...).
The nice thing about the localhost rule is also that, if you ever want to
bring down the server for admin but still need to do p4 commands, you can
restart the server with P4PORT=localhost:xxx and know that no one will be
doing anything (well, you can do it anyway but that's how I usually sell the
idea to people).
At least, with the localhost rule, you know that only people with access to
the whole server will be doing admin stuff. It's too easy to get P4PASSWDs.
g. matthew rice <matt at starnix.com> starnix, toronto, ontario, ca
phone: 647.722.5301 x242 gpg id: EF9AAD20
http://www.starnix.com professional linux services & products
More information about the perforce-user