Securing root but still being able to work

If it doesn't fit in another category, ask it here.
Post Reply
Light_Speed
Posts: 32
Joined: 2008/01/07 22:47:12

Securing root but still being able to work

Post by Light_Speed » 2012/01/02 19:47:05

I have modified sshd to not allow root login so access to root must now be done via sudo and I am not sure how to do some standard tasks under this setup.

I have always used keys to access root remotely for shell access or scp or whatever but now with no root login I am not able to scp files that are owned as root.

I have a cron on my local machine that runs out to my server and downloads copies of backups for off-site archiving. I had that set to scp and access as root which I can no longer do.

What is the recommended way to gain access to root owned files remotely in a sudo to root environment?

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Securing root but still being able to work

Post by pschaff » 2012/01/02 19:53:31

Your question is very general. Without more specifics, all I can suggest is to copy the files as root to a user-owned directory and chown, or if not system files to just chown the originals, and scp as a user. For more specific help you need to supply details.

Light_Speed
Posts: 32
Joined: 2008/01/07 22:47:12

Re: Securing root but still being able to work

Post by Light_Speed » 2012/01/03 17:39:42

Hi Phil,

Thanks for replying!
The question was general because I know I could chown them to a general user. My question was if I should? :)

I was trying to get pointed to a best practices direction in terms of security while retaining usability.

I wasn't sure if it would be better to move the files into ownership of the general user or add the general user to a group with RW or even just R and make the files and directories be created with that group assignment.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Securing root but still being able to work

Post by pschaff » 2012/01/04 02:59:02

Depends on which specific directories/files you are talking about. Without more specifics I can't offer more specific advice, and apparently nobody else saw enough to stimulate them to jump in either.

allamiro
Posts: 21
Joined: 2009/07/30 20:43:36

Re: Securing root but still being able to work

Post by allamiro » 2012/02/10 21:49:33

you could use a different user for that scp instead of root

like creating a user backup for your cron jobs scp and setting up your cron on your locla server to move files to bacup home and chomod it to backup

Post Reply