Remote root ssh
Eric S. Johansson
esj at harvee.org
Sun Jul 1 21:08:33 UTC 2007
Scott Lockwood wrote:
> Root also must be allowed to login remotely via ssh - which is a really,
> really bad idea.
:-) must like traveling hours to use the console :-). I bet you would be
uncomfortable with my process elevation technique for cgi and other automated
processes. using visudo:
ALL ALL = NOPASSWD: /usr/local/bin/xyzzy.py
runs xyzzy as root no password.
ALL ALL = (www-data) NOPASSWD: /home/esj/test.py
runs test.py as www-data
same risk as with any other permissions elevation situation but has the
advantage of not needing to create any set u/g id wrappers. this trick is not
for the careless.
More information about the ubuntu-users
mailing list