Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Password for a command!
Operating Systems Linux Red Hat Password for a command! Post 302871751 by Corona688 on Wednesday 6th of November 2013 08:10:06 PM
Old 11-06-2013
If your security model involves stopping root from being root, it is flawed, because it doesn't work that way. You can't stop root from being root. If they really wanted to -- or even by accident -- your root users could write to the disk raw and trash it. There are no restrictions, because that's what root means... And if you do restrict all these somehow, eventually you'll end up in an emergency situation where root needs to do so and can't because you've altered your system in nonstandard ways.

The other problem is that your security model starts from 'default permit'. You wouldn't even write a firewall this way. Are there dangerous commands you don't know about? Almost certainly. Can you weed out 100% of each and every one individually? Doubtful. You need to work from the opposite direction -- give them access to what they need and only what they need, and absolutely nothing more, instead of giving them root, which gives them guaranteed unencumbered access to everything.

You should protect it by not giving out root. Find other ways besides root to let your admins do what they need. You can give them sudo access to particular commands for example without giving them carte blanche.
Last edited by Corona688; 11-06-2013 at 09:18 PM..
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

any way to use SU command without prompt for password

Hi, First i want to tell you i am not a administrator and everytime to run a sqlscritpt i have to login as SU in a particular account to connect to sqlplus.. I want to write a script which can make me free by doin this .. since i am having the permission for SU i want to know if i can SUDO... (7 Replies)
Discussion started by: myelvis
7 Replies

2. UNIX for Dummies Questions & Answers

SSH with a --password command line???

Has anyone heard of an OpenSSH client being compiled with an additional command-line option for password input? I realize there are reasons to NOT do this, and I realize you can achieve the same type of thing with keys, but I am specifically looking to pass the username & password BOTH on the... (5 Replies)
Discussion started by: jjinno
5 Replies

3. Cybersecurity

Specify password in SFTP command

Hi, How can I specify a password on the scp command line so that it should not prompt for the password? Shabu (3 Replies)
Discussion started by: shabu
3 Replies

4. Shell Programming and Scripting

sudo command with password

Hello everybody, Say I forgot my root password (shit happens, no?) and I'd like to brutally try 100 possibilities to delete a file using sudo. How can I make a script that tries all the passwords? The following doesn't work. Do you have a clue? foo:~$ cat test sudo rm dummy <<< 'password' echo... (1 Reply)
Discussion started by: chebarbudo
1 Replies

5. Solaris

Apply password in some command

hello guys, I need some command,script or anythng which will help me to prompt for a password if I give some common unix command. We need this command to restrict the access to few users only like for tip command. That wenever i give TIP command, it will ask for password and only autherized users... (1 Reply)
Discussion started by: harpreetrekhi
1 Replies

6. Shell Programming and Scripting

passing password to a command

Hi all, I have the expect binaries in our boxes.. I want to pass a passwd to a command automatically without manual intervention using "/<path_of_expect>/expect/<version>/bin/autopasswd" The below command will ask passwd in my script cleartool rmtag -all <vob_tag> #Some... (4 Replies)
Discussion started by: raghu.iv85
4 Replies

7. Shell Programming and Scripting

ssh command with password

hi: how can i use ssh with password in the command line . (4 Replies)
Discussion started by: rainboisterous
4 Replies

8. Linux

Set password in single command

Hi, Can we set password for linux in non-interactive mode. I didn't find suitable option for this in man page. If we wnter "passwd" command, it will tell "Enter password" and "Re-enter password". i wanted to run this step in a script, and i don't want to use "expect" so i am looking for a single... (8 Replies)
Discussion started by: successlin
8 Replies

9. Shell Programming and Scripting

Passing password with SSH command

Hi Experts, I have specific requirement where I want to pass the password with the ssh username@hostname command . I dont want to use RSA public and private keys also. Because that will be on production server and no one wants to give access like that. Second thing it is production... (14 Replies)
Discussion started by: sharsour
14 Replies

10. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

LEARN ABOUT PHP

systemd-volatile-root.service

SYSTEMD-VOLATILE-ROOT.SERVICE(8)			   systemd-volatile-root.service			  SYSTEMD-VOLATILE-ROOT.SERVICE(8)

NAME

       systemd-volatile-root.service, systemd-volatile-root - Make the root file system volatile

SYNOPSIS

       systemd-volatile-root.service

       /lib/systemd/systemd-volatile-root

DESCRIPTION

       systemd-volatile-root.service is a service that replaces the root directory with a volatile memory file system ("tmpfs"), mounting the
       original (non-volatile) /usr inside it read-only. This way, vendor data from /usr is available as usual, but all configuration data in
       /etc, all state data in /var and all other resources stored directly under the root directory are reset on boot and lost at shutdown,
       enabling fully stateless systems.

       This service is only enabled if full volatile mode is selected, for example by specifying "systemd.volatile=yes" on the kernel command
       line. This service runs only in the initial RAM disk ("initrd"), before the system transitions to the host's root directory. Note that this
       service is not used if "systemd.volatile=state" is used, as in that mode the root directory is non-volatile.

SEE ALSO

       systemd(1), systemd-fstab-generator(8), kernel-command-line(7)

systemd 237													  SYSTEMD-VOLATILE-ROOT.SERVICE(8)
All times are GMT -4. The time now is 11:59 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy