It looks to me that the master password file is not being
backed up, please correct me if I'm wrong.
How do we want to deal with that information ?
Shall each primary admin autonomously taking a backup
of that file ? Or should we consider it safe to include
those files in a clear-text backup ? Or shall we
just spread a "master password" to encrypt that file before
backing it up ?
Depends where these plain text backups are kept. If the backups are on a system only accessible to SAC admins, seems fine to be clear text.
If accessbile by many then backing up with master password, or just having sys admins do a manual backup seems sufficient.
I imagine the file doesn't change all that often.
How does this change with your new password directory plan? I assume it would just be a folder instead of a single file.
-----Original Message-----
From: Sac [mailto:sac-bounces@lists.osgeo.org] On Behalf Of Sandro Santilli
Sent: Monday, October 16, 2017 3:50 AM
To: sac@lists.osgeo.org
Subject: [SAC] Backup of access file ?
It looks to me that the master password file is not being backed up, please correct me if I'm wrong.
How do we want to deal with that information ?
Shall each primary admin autonomously taking a backup of that file ? Or should we consider it safe to include those files in a clear-text backup ? Or shall we just spread a "master password" to encrypt that file before backing it up ?
On Mon, Oct 16, 2017 at 06:09:51AM -0400, Regina Obe wrote:
Depends where these plain text backups are kept. If the backups are on a system only accessible to SAC admins, seems fine to be clear text.
If accessbile by many then backing up with master password, or just having sys admins do a manual backup seems sufficient.
I imagine the file doesn't change all that often.
How does this change with your new password directory plan? I assume it would just be a folder instead of a single file.
Folder instead of single file allows for more fine-grained
permissions, so that someone may be given access to the
password of one service but not of another.
When it comes to backup I guess those permissions flatten
down (ie: whoever can access backups can read all files).
It looks to me that the master password file is not being
backed up, please correct me if I'm wrong.
Sounds plausible - different opinions were, and probably still are
circulating on what to back up.
Shall each primary admin autonomously taking a backup
of that file ?
Yup, from my personal point of view this would be a pragmatic solution.
Cheers,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------