Am 21.11.2014 um 11:55 schrieb Roberto Ragusa:
On 11/21/2014 09:42 AM, Reindl Harald wrote:why? because they are servers for specific tasks and *any* non-root login would be followed by "su - root" anyways and for automated rsync scripts backing up data only root has access you need it alsoFor rsync-as-root use cases my usual approach is to create another account with userid=0 and login with ssh on this account. It is not root, but it has the same powers (because the numeric uid is the only thing it really matters). Just wanted to share the trick
thanks, but that would alert in lynis checks"PermitRootLogin without-password" after setup key-authentication should be the first action anyways - however i am neutral to any default here since on physical machines no problem and most remote machines are setup as virtual machine and so "local access"
the only important thing is to *really* make sure that there was a different account created - otherwise it could lead to a locked out installation in case of network setup after the first boot
______________________________________________________________ Lynis: [+] Users, Groups and Authentication ------------------------------------ - Search administrator accounts [ OK ] - Checking for non-unique UIDs [ OK ] - Checking consistency of group files (grpck) [ OK ] - Checking non unique group ID's [ OK ] - Checking non unique group names [ OK ]
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
