comp.os.linux.networking
back to index
From: Chris Mattern
Date: Monday, April 07, 2008 1:02 PM
Subject: Re: How to PREVENT a user from logging in through SSH
On 2008-04-07, Ignoramus10392
> On 2008-04-07, Keith Keller
>> On 2008-04-07, Ignoramus10392
>>>
>>> I do need from time to time to perform root tasks from scripts, for
>>> example restarting named after DNS zone files update.
>>
>> That is what su and sudo are for.
>>
>>
>
> I thought that both su and sudo require the user to enter a password?
>
su does requires the password of the user you are switching to (unless
you're root already). sudo *normally* requires the password of the
user who invokes it as a additional security measure but can be
configured to not require it. I would regard setting up a utility
account with NOPASSWORD sudo privileges as more secure than letting
root log directly in via SSH, as you can limit the utility account
to be able to do as root only the things you list in sudo.
--
Christopher Mattern
NOTICE
Thank you for noticing this new notice
Your noticing it has been noted
And will be reported to the authorities
