Securing root but still being able to work

If it doesn't fit in another category, ask it here.
Post Reply
Light_Speed
Posts: 32
Joined: 2008/01/07 22:47:12

Securing root but still being able to work

Post by Light_Speed » 2012/01/02 19:47:05

I have modified sshd to not allow root login so access to root must now be done via sudo and I am not sure how to do some standard tasks under this setup.

I have always used keys to access root remotely for shell access or scp or whatever but now with no root login I am not able to scp files that are owned as root.

I have a cron on my local machine that runs out to my server and downloads copies of backups for off-site archiving. I had that set to scp and access as root which I can no longer do.

What is the recommended way to gain access to root owned files remotely in a sudo to root environment?

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Securing root but still being able to work

Post by pschaff » 2012/01/02 19:53:31

Your question is very general. Without more specifics, all I can suggest is to copy the files as root to a user-owned directory and chown, or if not system files to just chown the originals, and scp as a user. For more specific help you need to supply details.

Light_Speed
Posts: 32
Joined: 2008/01/07 22:47:12

Re: Securing root but still being able to work

Post by Light_Speed » 2012/01/03 17:39:42

Hi Phil,

Thanks for replying!
The question was general because I know I could chown them to a general user. My question was if I should? :)

I was trying to get pointed to a best practices direction in terms of security while retaining usability.

I wasn't sure if it would be better to move the files into ownership of the general user or add the general user to a group with RW or even just R and make the files and directories be created with that group assignment.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Securing root but still being able to work

Post by pschaff » 2012/01/04 02:59:02

Depends on which specific directories/files you are talking about. Without more specifics I can't offer more specific advice, and apparently nobody else saw enough to stimulate them to jump in either.

allamiro
Posts: 21
Joined: 2009/07/30 20:43:36

Re: Securing root but still being able to work

Post by allamiro » 2012/02/10 21:49:33

you could use a different user for that scp instead of root

like creating a user backup for your cron jobs scp and setting up your cron on your locla server to move files to bacup home and chomod it to backup

Post Reply

Return to “CentOS 5 - Miscellaneous Questions”