At 6/29/01 1:11:00 PM, you wrote:
Dear Lists,
This is perhaps slightly off topic, so bear with me. :-)
I am interested to know how many of you actually use a non-root account to get work done. Since there are so many risks of constantly using a root account, how in the world are you supposed to get work done without being logged in as root??
For example, most of the bash scripts that I write require the use of certain files which, if not run as root, would require me to run numerous chmod/chgrp commands to get them to run.
How have people gotten around this??
I'm just an amateur, but here is what I do:
1. "su" to root when you need to run the scripts
2. run the scripts as a root cron job
3. if you are at your console, keep a root login on 1 console (say alt-F1) and run as a user on another virtual console. If you are telnetting in, use ssh to log in as root. Whenever you need to run a root script, hit <alt-F1>.
4. Then there is the "SUID" file permissions, which can be a security risk, but it's an option.
5. Set up a special group for the scripts which allow selected users to run them.
I'm sure there are more ways.
zentara
On June 29, 2001 11:37 am, zentara wrote:
At 6/29/01 1:11:00 PM, you wrote:
Dear Lists,
This is perhaps slightly off topic, so bear with me. :-)
I am interested to know how many of you actually use a non-root account to get work done. Since there are so many risks of constantly using a root account, how in the world are you supposed to get work done without being logged in as root??
For example, most of the bash scripts that I write require the use of certain files which, if not run as root, would require me to run numerous chmod/chgrp commands to get them to run.
How have people gotten around this??
I'm just an amateur, but here is what I do:
1. "su" to root when you need to run the scripts
2. run the scripts as a root cron job
3. if you are at your console, keep a root login on 1 console (say alt-F1) and run as a user on another virtual console. If you are telnetting in, use ssh to log in as root. Whenever you need to run a root script, hit <alt-F1>.
4. Then there is the "SUID" file permissions, which can be a security risk, but it's an option.
5. Set up a special group for the scripts which allow selected users to run them.
I'd like to add something here:
I often see people that have su'ed in a terminal type xhost + to allow root to access your display (to run GUI programs). DON'T DO THAT. It allows everyone to access your display, including remote machines.
SuSE made a happy little script called sux that lets the user you're su'ing to access the display in a secure manner. You also don't have to export DISPLAY or xhost or anything. Just run your app.
I now always use 'sux -' to do root stuff in X, whether I'll be running a GUI app or not.
--
James Oakley
Engineering - SolutionInc Ltd.
joakley@solutioninc.com
http://www.solutioninc.com
James Oakley wrote:
I'd like to add something here:
I often see people that have su'ed in a terminal type xhost + to allow root to access your display (to run GUI programs). DON'T DO THAT. It allows everyone to access your display, including remote machines.
SuSE made a happy little script called sux that lets the user you're su'ing to access the display in a secure manner. You also don't have to export DISPLAY or xhost or anything. Just run your app.
I now always use 'sux -' to do root stuff in X, whether I'll be running a GUI app or not.
There's also X forwarding in OpenSSH, which is especially appropriate when running stuff on other machines, but I don't expect there's any reason why you can't use it locally as well. i.e.:
ssh -X <user>@<host.domain>
then run your X apps.
--
Rachel
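An added example, not written by any poster in this thread: a small sh function that reads the output of `xhost` and reports whether the display has been left open in the way the `xhost +` warning above describes. The function name, verdict strings and sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify `xhost` output (read on stdin) by how widely the
# X display is shared. On a live X session: xhost | classify_xhost
# Prints one of: open | broad | user-only | cookie-only
classify_xhost() {
    verdict="cookie-only"
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # State left behind by `xhost +`: any client, local or
                # remote, may connect. Fix with `xhost -`.
                echo "open"
                return 0 ;;
            "access control enabled"*|"")
                ;;  # header line or blank line, nothing to record
            SI:localuser:*)
                # Server-interpreted entry naming a single local user.
                if [ "$verdict" = "cookie-only" ]; then
                    verdict="user-only"
                fi ;;
            *)
                # INET:, INET6:, LOCAL: and similar entries trust a whole
                # host or every local user, not one account.
                verdict="broad" ;;
        esac
    done
    echo "$verdict"
}

# Constructed sample outputs (not captured from a real system).
sample_open='access control disabled, clients can connect from any host'
sample_user='access control enabled, only authorized clients can connect
SI:localuser:root'
sample_host='access control enabled, only authorized clients can connect
SI:localuser:root
INET:workstation.example'
sample_cookie='access control enabled, only authorized clients can connect'

printf '%s\n' "$sample_open" | classify_xhost
printf '%s\n' "$sample_user" | classify_xhost
printf '%s\n' "$sample_host" | classify_xhost
printf '%s\n' "$sample_cookie" | classify_xhost
```

A verdict of `cookie-only` means no xhost entries are in effect and clients must present the X authority cookie.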
participants (3)
- James Oakley
- Rachel Greenham
- zentara