I have modified sshd to not allow root login so access to root must now be done via sudo and I am not sure how to do some standard tasks under this setup.
I have always used keys to access root remotely for shell access or scp or whatever but now with no root login I am not able to scp files that are owned as root.
I have a cron on my local machine that runs out to my server and downloads copies of backups for off-site archiving. I had that set to scp and access as root which I can no longer do.
What is the recommended way to gain access to root owned files remotely in a sudo to root environment?
Securing root but still being able to work
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Securing root but still being able to work
Your question is very general. Without more specifics, all I can suggest is to copy the files as root to a user-owned directory and chown, or if not system files to just chown the originals, and scp as a user. For more specific help you need to supply details.
-
- Posts: 32
- Joined: 2008/01/07 22:47:12
Re: Securing root but still being able to work
Hi Phil,
Thanks for replying!
The question was general because I know I could chown them to a general user. My question was if I should? :)
I was trying to get pointed to a best practices direction in terms of security while retaining usability.
I wasn't sure if it would be better to move the files into ownership of the general user or add the general user to a group with RW or even just R and make the files and directories be created with that group assignment.
Thanks for replying!
The question was general because I know I could chown them to a general user. My question was if I should? :)
I was trying to get pointed to a best practices direction in terms of security while retaining usability.
I wasn't sure if it would be better to move the files into ownership of the general user or add the general user to a group with RW or even just R and make the files and directories be created with that group assignment.
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: Securing root but still being able to work
Depends on which specific directories/files you are talking about. Without more specifics I can't offer more specific advice, and apparently nobody else saw enough to stimulate them to jump in either.
Re: Securing root but still being able to work
you could use a different user for that scp instead of root
like creating a user backup for your cron jobs scp and setting up your cron on your locla server to move files to bacup home and chomod it to backup
like creating a user backup for your cron jobs scp and setting up your cron on your locla server to move files to bacup home and chomod it to backup