Re: ssh and root
-----BEGIN PGP SIGNED MESSAGE-----
Vineet Kumar <firstname.lastname@example.org> writes:
> * Robert Epprecht (email@example.com) [011208 02:31]:
> > I need ssh to access some cvs servers. As the files are stored locally
> > below /usr/local/ and ordinary users have no write access there I called
> > ssh-keygen as root. But now I have my doubts if this was The Right
> > Thing to do regarding security. I *do* trust the cvs servers in
> > question and am not paranoid about security, but I do want a reasonable
> > security level. Comments welcome.
> Rather than root, add your user account to group staff. This gives
> you access to /usr/local.
That would indeed be a lot better than ssh'ing in as root. I believe
the default setup doesn't even let you (or was that a configuration
> It should be noted, though, that this account
> becomes stronger than you can possibly imagine. (Well, not really, but
> it's easy for it to get root). One prime example of this is that
> /usr/local/sbin and /usr/local/bin come first in root's path.
On my machine these come last by default(!) when I su
frodo:/home/user# echo $PATH
and they are not even there when logging in as root
frodo login: root
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
frodo:~# echo $PATH
Besides, when r00t you use full pathnames, not?
Olaf Meeuwissen Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
LPIC-2 -- I hack, therefore I am -- BOFH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>
-----END PGP SIGNATURE-----