Mailinglist Archive: opensuse (3627 mails)
| < Previous | Next > |
Re: [SLE] Use of Linux
- From: James Oakley <joakley@xxxxxxxxxxxxxxx>
- Date: Fri, 29 Jun 2001 11:37:10 -0300
- Message-id: <200106291436.f5TEaE228188@xxxxxxxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On June 29, 2001 11:37 am, zentara wrote:
> At 6/29/01 1:11:00 PM, you wrote:
> >Dear Lists,
> >
> >This is perhaps slightly off topic, so bear with me. :-)
> >
> >I am interested to know, how many of you, actually use a non-root account
> > to get work done. Since there is so many risks of constantly using a root
> > account, how in the world are you supposed to get work done without being
> > logged in as root??
> >
> >For example, most of my bash scripts that I write, require the use of
> >certain files, which, if not ran as root, would require me to run numerous
> >chmod/chgrp commands to get them to run.
> >
> >How have people, gotten around this??
>
> I'm just an amateur, but here is what I do:
>
> 1. "su" to root when you need to run the scripts
> 2. run the scripts as a root cron job
> 3. if you are at your console, keep a root login on 1 console(say alt-F1)
> and run as a user on another virtual console. If you are telnetting
> in, use ssh to login as root.. Whenever you need to run a root script, hit
> <alt-F1>. 4. Then there is the "SUID" file permissions, which can be a
> security risk, but it's an option.
> 5. Setup a special group for the scripts which allow selected users to run
> them.
I'd like to add something here:
I often see people that have su'ed in a terminal type xhost + to allow root
to access your display (to run GUI programs). DON'T DO THAT. It allows
everyone to access your display, including remote machines.
SuSE made a happy little script called sux that let's the user you're su'ing
to access the display in a secure manner. You also don't have to export
DISPLAY or xhost or anything. Just run your app.
I now always use 'sux -' to do root stuff in X, whether I'll be running a GUI
app or not.
- --
James Oakley
Engineering - SolutionInc Ltd.
joakley@xxxxxxxxxxxxxxx
http://www.solutioninc.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7PJKW+FOexA3koIgRAqSvAKCBhfnT7WxW915TJRsJB+Tk3iyuHACeNnHU
WrNUR7ET8MMK8jABCpqhUac=
=BiC9
-----END PGP SIGNATURE-----
Hash: SHA1
On June 29, 2001 11:37 am, zentara wrote:
> At 6/29/01 1:11:00 PM, you wrote:
> >Dear Lists,
> >
> >This is perhaps slightly off topic, so bear with me. :-)
> >
> >I am interested to know, how many of you, actually use a non-root account
> > to get work done. Since there is so many risks of constantly using a root
> > account, how in the world are you supposed to get work done without being
> > logged in as root??
> >
> >For example, most of my bash scripts that I write, require the use of
> >certain files, which, if not ran as root, would require me to run numerous
> >chmod/chgrp commands to get them to run.
> >
> >How have people, gotten around this??
>
> I'm just an amateur, but here is what I do:
>
> 1. "su" to root when you need to run the scripts
> 2. run the scripts as a root cron job
> 3. if you are at your console, keep a root login on 1 console(say alt-F1)
> and run as a user on another virtual console. If you are telnetting
> in, use ssh to login as root.. Whenever you need to run a root script, hit
> <alt-F1>. 4. Then there is the "SUID" file permissions, which can be a
> security risk, but it's an option.
> 5. Setup a special group for the scripts which allow selected users to run
> them.
I'd like to add something here:
I often see people that have su'ed in a terminal type xhost + to allow root
to access your display (to run GUI programs). DON'T DO THAT. It allows
everyone to access your display, including remote machines.
SuSE made a happy little script called sux that let's the user you're su'ing
to access the display in a secure manner. You also don't have to export
DISPLAY or xhost or anything. Just run your app.
I now always use 'sux -' to do root stuff in X, whether I'll be running a GUI
app or not.
- --
James Oakley
Engineering - SolutionInc Ltd.
joakley@xxxxxxxxxxxxxxx
http://www.solutioninc.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7PJKW+FOexA3koIgRAqSvAKCBhfnT7WxW915TJRsJB+Tk3iyuHACeNnHU
WrNUR7ET8MMK8jABCpqhUac=
=BiC9
-----END PGP SIGNATURE-----
| < Previous | Next > |