Root access (was RE: which prebuilt linux boxes seem to work best?)
Brent Harding
bharding at ufw2.com
Wed Oct 25 21:05:27 EDT 2000
I suppose nothing is wrong with telnet and getting in as su, but the fact
that the sysadmin would have to share the root password with all the
admins, but I'd think ssh could solve that, he'd just give each one a
different key on a disk or something, and everyone would be in as root who
had one of the valid keys.
At 06:03 PM 10/25/00 +1100, you wrote:
>How about this: use ssh and permit root logins with it. That way
>if you do have to come in as root remotely you can do it encrypted.
>You can use options in /etc/ssh/config to allow only validated hosts in i.e.
>certain IPs with keys that are known to the server or certain hosts keys.
>You can't telnet in as root normally unless you add all pseudo ttys to
>/etc/securetty. What's wrong with telnetting in as a normal user and
>running su?
>Regards, Kerry.
>On Mon, Oct 23, 2000 at 08:55:11PM -0500, Brent Harding wrote:
>> There's no securetty that'd work remotely, I'm sure because it doesn't
>> allow you to use an ip address. I'm sure eth0 doesn't count, as it's not
>> really considered a device file in /dev. I'm not fond of the idea of
>> multiple root privileged users, especially if it's not really needed.
>> At 05:08 PM 10/23/00 +1100, you wrote:
>> >On Sun, 22 Oct 2000, Brent Harding wrote:
>> >
>> >> What access does the root group give? Setting up virtual hosts, or whatever
>> >> involves a lot of access, depending which virtual service one is using,
>> >
>> >This would vary from system to system, depending on what files belong to
>> >the root group and the permissions on those files.
>> >
>> >> unless there were a script out that I could be given access to to get all
>> >> of it done that'd run as root.
>> >
>> >You could do this, but it'd be up to the sysadmin to do this.
>> >
>> >> Wouldn't it take the luck of the draw, for say the admin gives the access
>> >> to /dev/pts/0 and someone else is logged in to that, so my connection could
>> >> be pts/4 or 5 depending who's on? I'd somehow have to move them to another
>> >> device so I could get my privileges.
>> >
>> >Yes, which is why you wouldn't ever put a pts device in
>> >/etc/securetty. And the sysadmin would still have to give out the root
>> >account's password to you. In fact, if I were a sysadmin, I'd consider
>> >clearing out /etc/securetty altogether so no one could login directly as
>> >root, meaning that everyone would either have to know both a user name and
>> >password and the root password, or have access to sudo as a user. Sounds
>> >much more secure.
>> >
>> >Geoff.
>> >
>> >
>> >
>> >
>> >--
>> >Geoff Shang <gshang10 at scu.edu.au>
>> >ICQ number 43634701
>> >
>> >
>> >_______________________________________________
>> >Speakup mailing list
>> >Speakup at braille.uwo.ca
>> >http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>--
>--
>Kerry Hoath: kerry at gotss.eu.org
>Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
>ICQ UIN: 62823451
>
>
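An added example, not part of the original thread: a small Python audit of root's authorized_keys that checks the two ideas discussed above, one key per admin (each key carries an identifying comment) and a from= option limiting which hosts may use it. The file location, key blobs, names and addresses are constructed assumptions, and escaped quotes inside option values are not handled.

```python
# Added example; SAMPLE is constructed (placeholder key blobs, names, addresses).
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # how public key type names begin
NO_OWNER = "no comment: key cannot be tied to one admin"
NO_FROM = "no from= option: key is accepted from any host"
SAMPLE = '''\
# root's authorized_keys (assumed location: /root/.ssh/authorized_keys)
from="192.0.2.10",no-agent-forwarding ssh-ed25519 AAAA_CONSTRUCTED_1 alice@admin
ssh-rsa AAAA_CONSTRUCTED_2 bob@admin
from="192.0.2.0/24,198.51.100.7" ssh-ed25519 AAAA_CONSTRUCTED_3
'''

def first_token(s):
    """Split off the first whitespace-delimited field, honouring double quotes."""
    quoted = False
    for i, ch in enumerate(s):
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            return s[:i], s[i:].strip()
    return s, ""

def split_options(field):
    """Parse the options field, splitting on commas outside double quotes."""
    opts, cur, quoted = {}, "", False
    for ch in field + ",":
        quoted ^= ch == '"'
        if ch == "," and not quoted:
            name, _, value = cur.partition("=")
            opts[name.lower()], cur = value.strip('"'), ""
        else:
            cur += ch
    return opts

def audit(text):
    """Return (who, problem) pairs for keys lacking an owner or a host limit."""
    findings = []
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        head, rest = first_token(line)
        opts = {} if head.startswith(KEY_PREFIXES) else split_options(head)
        if opts:                                   # skip past the key type field
            _keytype, rest = first_token(rest)
        _blob, comment = first_token(rest)
        if not comment:
            findings.append((f"line {n}", NO_OWNER))
        if "from" not in opts:
            findings.append((comment or f"line {n}", NO_FROM))
    return findings
```

Calling `audit(SAMPLE)` reports bob@admin's key as usable from any host and the key on line 4 as having no owner comment.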