Date: Thu, 26 Oct 2000 12:57:51 +1100
From: Kerry Hoath
To: speakup@braille.uwo.ca
Subject: Re: Root access (was RE: which prebuilt linux boxes seem to work best?)
Message-ID: <20001026125751.D4912@gotss.eu.org>

You probably won't be given the root password on the box. You don't need root for virtual hosting, and until you learn Linux no sys admin is going to give you the root password, and probably not in the first 3 months at least.

On Wed, Oct 25, 2000 at 08:05:27PM -0500, Brent Harding wrote:
> I suppose nothing is wrong with telnet and getting in as su, but the fact
> that the sysadmin would have to share the root password with all the
> admins, but I'd think ssh could solve that, he'd just give each one a
> different key on a disk or something, and everyone would be in as root who
> had one of the valid keys.
> At 06:03 PM 10/25/00 +1100, you wrote:
> >How about this: use ssh and permit root logins with it. That way
> >if you do have to come in as root remotely you can do it encrypted.
> >You can use options in /etc/ssh/config to allow only validated hosts in i.e.
> >certain ips with keys that are known to the server or certain hosts keys.
> >You can't telnet in as root normally unless you add all pseudo ttys to
> >/etc/securetty. What's wrong with telnetting in as a normal user and
> >running su?
> >Regards, Kerry.
> >On Mon, Oct 23, 2000 at 08:55:11PM -0500, Brent Harding wrote:
> >> There's no securetty that'd work remotely, I'm sure because it doesn't
> >> allow you to use an ip address. I'm sure eth0 doesn't count, as it's not
> >> really considered a device file in /dev. I'm not fond of the idea of
> >> multiple root privileged users, especially if it's not really needed.
> >> At 05:08 PM 10/23/00 +1100, you wrote:
> >> >On Sun, 22 Oct 2000, Brent Harding wrote:
> >> >
> >> >> What access does the root group give? Setting up virtual hosts, or whatever
> >> >> involves a lot of access, depending which virtual service one is using,
> >> >
> >> >This would vary from system to system, depending on what files belong to
> >> >the root group and the permissions on those files.
> >> >
> >> >> unless there were a script out that I could be given access to to get all
> >> >> of it done that'd run as root.
> >> >
> >> >You could do this, but it'd be up to the sysadmin to do this.
> >> >
> >> >> Wouldn't it take the luck of the draw, for say the admin gives the access
> >> >> to /dev/pts/0 and someone else is logged in to that, so my connection could
> >> >> be pts/4 or 5 depending who's on? I'd some how have to move them to another
> >> >> device so I could get my privileges.
> >> >
> >> >Yes, which is why you wouldn't ever put a pts device in
> >> >/etc/securetty. And the sysadmin would still have to give out the root
> >> >account's password to you. In fact, if I were a sysadmin, I'd consider
> >> >clearing out /etc/securetty altogether so no one could login directly as
> >> >root, meaning that everyone would either have to know both a user name and
> >> >password and the root password, or have access to sudo as a user. Sounds
> >> >much more secure.
> >> >
> >> >Geoff.
> >> >
> >> >--
> >> >Geoff Shang
> >> >ICQ number 43634701
> >> >
> >> >_______________________________________________
> >> >Speakup mailing list
> >> >Speakup@braille.uwo.ca
> >> >http://speech.braille.uwo.ca/mailman/listinfo/speakup

--
Kerry Hoath: kerry@gotss.eu.org
Alternates: kerry@emusys.com.au kerry@gotss.spice.net.au or khoath@lis.net.au
ICQ UIN: 62823451
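
An added example, not part of the original thread: a small Python audit of the three files the messages discuss, flagging pseudo-tty entries in /etc/securetty, a PermitRootLogin setting that leaves root password logins possible, and root keys with no from= host restriction. The file contents are constructed samples, the function names are hypothetical, and the server file is assumed to be OpenSSH's sshd_config with no Match blocks.

```python
import re

# Constructed sample file contents (not from the thread or any real host).
SECURETTY = "tty1\ntty2\npts/0\n"
SSHD_CONFIG = "# sample\nPermitRootLogin yes\nPermitRootLogin no\n"
ROOT_KEYS = (
    'from="192.0.2.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5constructed admin1\n'
    "ssh-rsa AAAAB3NzaC1yc2Econstructed admin2\n"
)
KEYTYPE = re.compile(r"(?:^|\s)((?:sk-)?(?:ssh|ecdsa)-[a-z0-9@.\-]+)\s+AAAA")

def audit_securetty(text):
    """Flag pseudo-ttys: a pts slot goes to whoever connects next."""
    entries = [ln.split("#", 1)[0].strip() for ln in text.splitlines()]
    return [f"securetty: pseudo-tty {e} permits remote root login"
            for e in entries if re.match(r"pts/|ttyp", e)]

def audit_sshd_config(text):
    """Judge the first PermitRootLogin line; sshd uses the first value it reads."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
            if parts[1].lower() == "yes":
                return ["sshd_config: PermitRootLogin yes does not limit root to keys"]
            return []
    return ["sshd_config: PermitRootLogin unset, compiled-in default applies"]

def audit_root_keys(text):
    """Flag root keys that lack a from= option restricting the source host."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEYTYPE.search(line)
        if not m:
            findings.append(f"authorized_keys:{n}: unparseable entry")
        elif not re.search(r'(?:^|,)from="[^"]+"', line[:m.start(1)].strip()):
            findings.append(f"authorized_keys:{n}: no from= option, key works from any host")
    return findings

def audit_all():
    """Run all three checks over the constructed samples."""
    return (audit_securetty(SECURETTY) + audit_sshd_config(SSHD_CONFIG)
            + audit_root_keys(ROOT_KEYS))

if __name__ == "__main__":
    print("\n".join(audit_all()))
```
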