Root access (was RE: which prebuilt linux boxes seem to work best?)

Kerry Hoath kerry at gotss.eu.org
Wed Oct 25 21:57:51 EDT 2000


You probably won't be given the root password on the box you don't need root
for virtual hosting and until you learn Linux
no sys admin is going to give you the root password and probably not in the first
3 months at least.
On Wed, Oct 25, 2000 at 08:05:27PM -0500, Brent Harding wrote:
> I suppose nothing is wrong with telnet and getting in as su, but the fact
> that the sysadmin would have to share the root password with all the
> admins, but I'd think ssh could solve that, he'd just give each one a
> different key on a disk or something, and everyone would be in as root who
> had one of the valid keys.
> At 06:03 PM 10/25/00 +1100, you wrote:
> >How about this: use ssh and permit root logins with it. That way
> >if you do have to come in as root remotely you can do it encrypted.
> >You can use options in /etc/ssh/config to allow only validated hosts in i.e.
> >certain ips with keys that are known to the server or certain hosts keys.
> >you can't telnet in as root normall unless you add all pseudo ttys to 
> >/etc/securetty. What's wrong with telnetting in as a normal user and
> >runnin su?
> >Regards, Kerry.
> >On Mon, Oct 23, 2000 at 08:55:11PM -0500, Brent Harding wrote:
> >> There's no securetty that'd work remotely, I'm sure because it doesn't
> >> allow you to use an ip address. I'm sure eth0 doesn't count, as it's not
> >> really considered a device file in /dev. I'm not fond of the idea of
> >> multiple root privileged users, especially if it's not really needed.
> >> At 05:08 PM 10/23/00 +1100, you wrote:
> >> >On Sun, 22 Oct 2000, Brent Harding wrote:
> >> >
> >> >> What access does the root group give? Setting up virtual hosts, or
> whatever
> >> >> involves a lot of access, depending which virtual service one is using,
> >> >
> >> >This would vary from system to system, depending on what files belong to
> >> >the root group and the permissions on those files.
> >> >
> >> >> unless there were a script out that I could be given access to to get
> all
> >> >> of it done that'd run as root.
> >> >
> >> >You could do this, but it'd be up to the sysadmin to do this.
> >> >
> >> >> Wouldn't it take the luck of the draw, for say the admin gives the
> access
> >> >> to /dev/pts/0 and someone else is logged in to that, so my connection
> could
> >> >> be pts/4 or 5 depending who's on? I'd some how have to move them to
> another
> >> >> device so I could get my privileges.
> >> >
> >> >Yes, which is why you wouldn't ever put a pts device in
> >> >/etc/securetty.  And the sysadmin would still have to give out the root
> >> >account's password to you.  In fact, if I were a sysadmin, I'd consider
> >> >clearing out /etc/securetty altogether so no one could login directly as
> >> >root, meaning that everyone would either have to know both a user name and
> >> >password and the root password, or have access to sudo as a user.  Sounds
> >> >much more secure.
> >> >
> >> >Geoff.
> >> >
> >> >
> >> >
> >> >
> >> >-- 
> >> >Geoff Shang <gshang10 at scu.edu.au>
> >> >ICQ number 43634701
> >> >
> >> >
> >> >_______________________________________________
> >> >Speakup mailing list
> >> >Speakup at braille.uwo.ca
> >> >http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >> >
> >> >
> >> >
> >> 
> >> 
> >> _______________________________________________
> >> Speakup mailing list
> >> Speakup at braille.uwo.ca
> >> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
> >-- 
> >--
> >Kerry Hoath: kerry at gotss.eu.org
> >Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
> >ICQ UIN: 62823451
> >
> >
> >_______________________________________________
> >Speakup mailing list
> >Speakup at braille.uwo.ca
> >http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
> >
> >
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
--
Kerry Hoath: kerry at gotss.eu.org
Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
ICQ UIN: 62823451





More information about the Speakup mailing list