Automatic administration requiring root privileges

Greetings all,

Many resources advise disabling remote login as root, advocating logging in as a user and then issuing su, for security reasons.

I am wondering how automated administration requiring root privileges is handled? For example, automatic back-up of a plurality of personal computers?

Kindest regards,

M
 
mefizto said:
I am wondering how automated administration requiring root privileges is handled? For example, automatic back-up of a plurality of personal computers?
Most use security/sudo combined with public/private key authentication.
 
A non-root user that is a member of the group operator can create a backup with dump(8).
Why?
Because the device nodes for the disk are created with read privilege for the operator group.
Code:
$ ls -l /dev | grep operator

crw-r-----  1 root  operator    0,  88 Feb  4 21:06 ada0
crw-r-----  1 root  operator    0,  90 Feb  4 21:06 ada1
crw-r-----  1 root  operator    0, 115 Apr  7 16:01 ada1s1
crw-r-----  1 root  operator    0, 121 Apr  7 16:01 ada1s1a
crw-r-----  1 root  operator    0, 123 Apr  7 16:01 ada1s1b
crw-r-----  1 root  operator    0, 125 Apr  7 16:01 ada1s1d
crw-r-----  1 root  operator    0, 117 Apr  7 16:01 ada1s2
crw-r-----  1 root  operator    0, 127 Apr  7 16:01 ada1s2a
crw-r-----  1 root  operator    0, 129 Apr  7 16:01 ada1s2b
crw-r-----  1 root  operator    0, 131 Apr  7 16:01 ada1s2d
crw-r-----  1 root  operator    0, 133 Apr  7 16:01 ada1s2e
crw-r-----  1 root  operator    0, 135 Apr  7 16:01 ada1s2f
crw-r-----  1 root  operator    0, 119 Apr  7 16:01 ada1s3
crw-r-----  1 root  operator    0,   3 Feb  4 21:06 geom.ctl
crw-------  1 root  operator    0,  86 Feb  4 21:06 pass0
crw-------  1 root  operator    0,  87 Feb  4 21:06 pass1
crw-r--r--  1 root  operator    0,  63 Feb  4 21:06 usbctl
crw-------  1 root  operator    0,  64 Feb  4 21:06 xpt0
 
Gentlemen,

thank you for the replies.

SirDice,

if I understand you correctly, the script logs in a user using public/private key and then uses sudo, which is limited to only certain tasks. Can you please confirm?

J65nko,

agreed, but my hypothetical was just an example.

Kindest regards,

M
 
mefizto said:
if I understand you correctly, the script logs in a user using public/private key and then uses sudo, which is limited to only certain tasks. Can you please confirm?
Yes, that's the idea.
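
One way to wire up the pattern confirmed in this thread (key-based login as a non-root user, with sudo limited to specific tasks), shown as an added example that is not from any poster. The `backup` account, the `backup-gate` script name, the task names, the dump targets and the file locations are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: forced-command gate for an automation key (constructed names).
#
# ~backup/.ssh/authorized_keys on each client (one line, key material elided):
#   restrict,command="/usr/local/sbin/backup-gate" ssh-ed25519 <PUBLIC-KEY> backup@server
#
# /usr/local/etc/sudoers.d/backup (validate with: visudo -cf <file>):
#   backup ALL=(root) NOPASSWD: /sbin/dump -0Laf - /usr, /sbin/dump -0Laf - /var
#
# sshd places the command the client asked for in SSH_ORIGINAL_COMMAND and runs
# this script instead, so the key can only trigger the tasks listed below.

# Map a requested task name to the exact command line sudo is allowed to run.
# Prints the command and returns 0 for a known task; returns 1 otherwise.
task_to_command() {
    case "$1" in
        dump-usr) echo "/sbin/dump -0Laf - /usr" ;;
        dump-var) echo "/sbin/dump -0Laf - /var" ;;
        *)        return 1 ;;
    esac
}

# Decide what to do with a client request without executing anything.
gate_decision() {
    if cmd=$(task_to_command "$1"); then
        echo "allow: sudo -n $cmd"
    else
        echo "deny"
    fi
}

# Entry point used by sshd as the forced command.
gate_main() {
    request=${SSH_ORIGINAL_COMMAND:-}
    if cmd=$(task_to_command "$request"); then
        logger -t backup-gate "allowed task: $request"
        # Word splitting is intended: $cmd comes from the fixed table above.
        exec sudo -n $cmd
    fi
    logger -t backup-gate "denied request"
    echo "backup-gate: request not permitted" >&2
    return 1
}

# Run the gate only when executed as the forced command, not when sourced.
case "${0##*/}" in backup-gate) gate_main ;; esac
```

The backup server then runs, for example, `ssh backup@client dump-usr > usr.dump`; any other request string is refused before sudo is reached, and sudo itself only matches the exact command lines listed in the drop-in.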
 