Re: /root/ drwxr-xr-x? possible solution?
El jue, 08-08-2002 a las 13:40, Loren Jordan escribió:
> I'm a little curious where root's custom home brew scripts should be
> put? I can't think of a good reason to make my own
> /usr/local/<something>. Many of my system maintenance scripts have private
> things in them like database passwords and such... Would root's ~/bin not
> be acceptable place for this type of stuff? The names and contents of
> these files are not necessary information for any user on the machine (if
> any) so why not put them in a root:root owned, 700 mode dir such as
> /root/ I can and do chmod 700/500 or 100 these files just for the fun of
> it. Is it needed? Does it help? That is up for debate, just not here...
To stick to the "no-root-login" mood one would set up this scripts in
~/bin of the "sysadmins" account.
> specific IP address blocks and have absolutely NO general user accounts. I
> ssh in as root, do what needs done and then log out. I don't mess around
Problem is, that the remote login procedure can reveal the user
password, at least with dedicated hacking.
Logging in as the "sysadmin" user, then "su" to gain root privileges,
and using the scripts in ~sysadmin/bin would be equivalent, but a
(little) bit more secure, because the password required by su is going
yet over a secured channel.
Better way is to use publickey login, I know.