Well, most sysadmins that I know, including the sysadmin that is me :),
prefer security in depth and don't want an either-or choice between
application-level and system-level ACLs.
> Note also that newer versions of NUT are dropping ACLs in favor of
> binding to interfaces (with a failsafe default of not binding to any
> interfaces automatically). I believe the rationale was that by binding
> to a specific interface, there is no chance for someone to exploit any
> potential holes in the NUT ACL code.
That's not a meaningful solution for users who want to allow remote access
from certain addresses and only have one interface.
Hi Charles,
Well, most sysadmins that I know, including the sysadmin that is me :),
prefer security in depth and don't want an either-or choice between
application-level and system-level ACLs.
> Note also that newer versions of NUT are dropping ACLs in favor of
> binding to interfaces (with a failsafe default of not binding to any
> interfaces automatically). I believe the rationale was that by binding
> to a specific interface, there is no chance for someone to exploit any
> potential holes in the NUT ACL code.
That's not a meaningful solution for users who want to allow remote access
from certain addresses and only have one interface.