ls -l /etc/passwd gives $ ls -l /etc/passwd -rw-r–r– 1 root root 1862 2011-06-15 21:59 /etc/passwd So an ordinary user can read the file. Is this a security hole? Asked by abc Actual password hashes are stored in /etc/shadow, which is not readable by regular users. /etc/passwd holds other information about user ids and shells that must be readable by all users for the system to function. Answered by Michael Check more discussion of this [...]Continue Reading »
I’m trying to implement an automated root password change for our Linux boxes. I’m generating a hash in the script since users will be able to see the contents of the script. I found that you can pass a hash with the usermod utility. However, I’m running into a variable substitution issue as seen below. Example: # usermod -p $1$0J8av/8N$LIKB2G56XJn2IXp0XzERo1 root# grep root /etc/shadow root:-bashJ8av/8N:15709:0:99999:7::: Asked by kernelpanic Surround the password on the usermod command [...]Continue Reading »
I used to login as ssh root@servip with a password authentication into my CentOS 6 server. I am not sure if what I have done has caused this, but while trying to get over my problem of accessing webmin remotely I followed the following tutorial until I reached: adding auth required pam_google_authenticator.so into /etc/pam.d/sshd. Then by mistake, I have closed the ssh session. When I tried to login in back with the usual password, I [...]Continue Reading »
After running the following commands (bash) as root via SSH: pkill –help pkill -h pkill /? The first two commands didn’t provide me any information, that’s why ran the third (kinda instinctively…). What happened next is that my SSH session to the server closed, and it wouldn’t reconnect. I’m guessing that it stopped all (or most of) the running processes, including the daemon in-charge for such sessions. I would like to understand why this happened: [...]Continue Reading »
There is a recent question regarding multiple sysadmins working as root, and sudo bash -l was referenced. I searched for this on google and SE, but I don’t understand the difference between sudo bash -l and sudo -i. From the man pages for bash and sudo it seems that the difference may be that sudo bash -l runs ~/.bash_profile, ~/.bash_login, and ~/.profile, and ~/.bash_logout of the root user, but from testing myself it looks like [...]Continue Reading »
In our team we have three seasoned Linux sysadmins having to administer a few dozen Debian servers. Previously we have all worked as root using SSH public key authentication. But we had a discussion on what is the best practice for that scenario and couldn’t agree on anything. Everybody’s SSH public key is put into ~root/.ssh/authorized_keys2 Advantage: easy to use, SSH agent forwarding works easily, little overhead Disadvantage: missing auditing (you never know which “root” [...]Continue Reading »
I have root WHM password for a domain and I am able to login using following URL http://domain_name/whm But when I use the same root password to connect to server using SSH I get access denied message. How can I solve this issue? I want to login using root through SSH. I am using Putty to connect. Thanks Asked by Ali Two Possibilities: First, when you log into WHM’s web interface, go to Security >> [...]Continue Reading »
I have a rather unique situation that I need to come up with a solution for. We have servers by which a remote team requires having root access to our servers to perform certain jobs. We need to still allow them root access, but deny them from the ability to use iptables, visudo & passwd. We are going to force them to not be able to login as root any longer and to login with [...]Continue Reading »
I am starting a web hosting company and there are a few details that I have yet to figure out, one of them being some sort of SSH VPN to connect to our servers running CentOS 6 with cPanel. So this is what I am looking to do… 1) Have a master server with specific user logins (user1, user2, etc.) for my employees. In order to SSH into any of our servers, they would all [...]Continue Reading »
Possible Duplicate: What's wrong with always being root? I have a server running in a datacenter with strong firewall & VPN protection. I have a few java apps which I have written myself running as these boxes. Currently I only have root user and run everything as root. Is there any reason why this might be a bad idea? Asked by DD. Your precautions have mitigated a large percentage of the threats that feast on [...]Continue Reading »
- Cron expression that runs every 5 minutes from 1:30 am – 6:00 am [duplicate]
- Understanding redundant power supplies
- Is there a way for administrators to disable users from installing Firefox extensions?
- Is there research material on NTP accuracy available?
- How to create a limited “domain admin” that does not have access to domain controllers?