l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 7: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2002 Nov 17 07:05

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] SSH Login
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] SSH Login



On Thu, 14 Nov 2002, karthikeyan wrote:

> Hi,
> 
>   Thanks for your kind reply.  I m sure users created through
> 
>   $ useradd <username>
> 
>   are not able to do an ssh except for root.
> 
>   Oh you suggest me not to log in as root but how do I create another user
> who has
> 
>   + equivalent privileges as root i.e [karthik] and
>   + one more user who has less power than  [karthik] but just enough to
> install small small modules.
> 
>   My friend is running an hosting business and he has some 100 users but
> they cant do ssh login for sure and those user were created through these
> simple commands only.
> 
>  $ useradd <username>
>  $ passwd <username>
>  $ chown -R <username> <user home directory>
>  $ chgrp -R <username> <user home directory>
>  $ chmod 755 <user home directory>
> 
>   Any comments on this please

In general, giving users root power is risky business. I find it hard to
believe you need users to install and remove kernel modules for any
reason other than kernel development, and they should be on their
own box.  But if you must, there is a convention:

  Never log in as root... log in as a normal user and then use the
  "su" command.

This allows you to examine the logs to track who used root approximately
when.

If you have specific programs that a user should be allowed to use, check
out the "sudo" command.  This records the actual use of these commands as
well, which can sort out who actually did what.

It is possible to have more than one user with UID 0 (root), but that fact
is not used by anyone but clumsy crackers because it provides no
traceability to the author of questionable changes to the system... the
recorded UID is 0, so lookups all show changes by root.

Learn about group permissions too... having role-based groups allows
access to resources without the sudo command.

> 
> karthikeyan.
> 
>  ----- Original Message -----
> From: "Micah Cowan" <micah@cowan.name>
> To: <vox@lists.lugod.org>
> Sent: Thursday, November 14, 2002 2:14 PM
> Subject: Re: [vox] SSH Login
> 
> 
> >
> > Nobody, not even you, should be logging in as root unless you have a
> > very good reason to. Most of the time, you should access your site using
> > a less privileged account, and su or sudo to root as necessary.
> >
> > If your SSH server is set up to allow password-based access (quite
> > common, and  in the default configuration I believe), your friend should
> > be able to login via ssh using his/her username and password, after
> > you've created them with useradd and passwd. Otherwise, generate his/her
> > keypair with ssh-keygen according to the SSH documentation, and hand
> > your friend the secret key when you see him/her next.
> >
> > HTH,
> > Micah
> >
> > On Thursday, November 14, 2002, at 12:12  AM, karthikeyan wrote:
> >
> > > Hi All,
> > >
> > > I m new to this admin stuff. I have an SSH root login access to my
> > > friends server at florida. My question would be how to create a login
> > > less
> > > powerfull then [root] so that i can share with a person who is trying to
> > > build a Control Panel for our Hosting Site. I know how to create user
> > > using
> > > [useradd <user name>].
> > >
> > > Environment : Redhat 7.3
> > >
> > > Looking forward for earliest response.
> > >
> > > karthikeyan.
> >
> > _______________________________________________
> > vox mailing list
> > vox@lists.lugod.org
> > http://lists.lugod.org/mailman/listinfo/vox
> >
> 
> 
> _______________________________________________
> vox mailing list
> vox@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox
> 

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.