Results 1 to 3 of 3
From Linux From Scratch build a minimal system for running my application. but struck on disabling root permission. Need my minimal lfs as ubuntu. when ubuntu boots login-screen displays when ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 05-21-2013 #1
- Join Date
- May 2013
Disabling Root Permissions
Need my minimal lfs as ubuntu.
when ubuntu boots login-screen displays when we enter username and password it will redirect to Desktop from ter when we open a terminal it will open as $--> non root-user from ter we access #--> root via sudo.
Same as ubuntu when my lfs boots want to display my application [xinit-window launcher (same as login screen in ubuntu but, in my case with out asking user name and password)] and when i access terminal it should display as $--> non-root user then i want to use sudo to access root.
- 05-21-2013 #2
Take a look at Make Sudo Work Like Ubuntu on Other Linux Systems for information on how to achieve what you have mentioned in your post above. Personally I don't see the difference between using sudo in the way Ubuntu configures it and using a proper root account. You can do the same amount of damage to a system.
- 06-22-2013 #3
- Join Date
- Apr 2009
- I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
In the final analysis, you only allow root access from directly connected terminals or the system console (no remote root logins), and DO NOT give full sudo access to ANY user account! This is why I do not like how Ubuntu and clones behave...
If you do need remote root access, then you create a user account accessible via ssh that requires a private key to connect (controlled by the account's ~/.ssh/authorized_keys file which contains the account's public key) - password optional. That is a LOT more difficult to compromise. Then, you allow ONLY that account full sudo access to root functions.
My company has VERY stringent security requirements for our servers (thousands of them all over the world) because we host a lot of sensitive user data. This is how we provide secure root access for our distributed system management teams to the servers they are responsible for, which may be spread out all over the globe (console access effectively impossible).
In addition, all root access is logged and forwarded to our security team to evaluate...Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!