[57north-discuss] SSH access to doorbot + hosting stuff in the space

[Robert McWilliam]

On Wed, Jan 14, 2015 at 08:40:23AM +0000, Andrea Faulds wrote:
>  I don’t think allowing access to doorbot is bad, allowing *sudo*
> access is. If it weren’t for sudo access, I wouldn’t have been able
> to do `sudo killall sshd`. (Again, I’m really sorry about that.)
>
<snip>
>  One option would just be to run all the toys in a VM on doorbot and
> give people access to the VM. It’d be slow, sure, but none of this
> stuff really needs to be ultra-fast, and if someone screws up, only
> the toys are lost.

Sorry for the slow response, I'm slowly catching up on emails...

There is a lot you can do to mess up a machine without root
privileges if you can run arbitrary code. 

VMs are a nice way to keep things in a properly managed jail but I
haven't seen any VM tech that would have an easy way to give access to
hardware (usually USB devices for what we've been using up to now)
without giving access to all the devices which could let you break
(current) doorbot.

Basically, setting up stuff so that we can have "playing" on doorbot with
any confidence that such playing can't break door access is more faff
than I can be bothered with. I'd rather just use another machine that
we're not relying on for playing. If someone else has a sane plan to
set up jails of some description on doorbot and really wants to do
that I could probably be convinced to give you access to do it.   

Robert
________________________________________________________
Robert McWilliam     rmcw at allmail.net    www.ormiret.com

Unix is user friendly - it's just picky about it's friends.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.57north.co/pipermail/57north-discuss/attachments/20150117/58570d9b/attachment.sig>