Restricting root to specific network while leaving other accounts unaffected
Anthony Verevkin
anthony-P5WJPa9AKEcsA/PxXw9srA at public.gmane.org
Mon Jul 15 00:51:07 UTC 2013
> From: "William Muriithi" <william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
> Sudo only works locally so I don't see
> how it can be useful.
Sudo does not only work locally. You can ssh to the server and sudo there.
And all the systems that use ssh as the underlying level, they should have
some parameter where you can change the default command to be called on a
remote server. And you would just prepend 'sudo ' to the default value of
that parameter.
For example in RSYNC, that would be

    --rsync-path=PROGRAM
        Use this to specify what program is to be run on the remote
        machine to start-up rsync. Often used when rsync is not in the
        default remote-shell’s path (e.g.
        --rsync-path=/usr/local/bin/rsync).

(from "man rsync")
> That left looking at ways to selectively allow root access, but
> from a bit of Googling, it seems either I have missed it or sshd
> can't be set up this way.
Another way of doing this is running two copies of sshd on a
server with two different configs listening on different ports. I wanted
to do such a thing for a long time to separate admin management from
scp users (maybe even run the scp version of sshd chrooted), but haven't
tried yet.
Regards,
Anthony
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
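
Added example (not part of the original message): a sketch of the two-sshd
setup suggested above, with one instance for ordinary accounts that refuses
root and a second instance bound to an admin-network address that accepts
key-only root logins. The file names, port 2222 and the address 192.0.2.10
(a documentation range) are assumptions.

```sh
#!/bin/sh
# write_sshd_configs DIR
# Writes two sshd_config files (hypothetical names) into DIR.
write_sshd_configs() {
    dir=$1
    # Instance 1: reachable on every interface, root is never accepted.
    cat > "$dir/sshd_config_users" <<'EOF'
Port 22
PidFile /var/run/sshd_users.pid
PermitRootLogin no
EOF
    # Instance 2: listens only on the admin-network address (constructed
    # value), so root can log in only from hosts that can route to it.
    cat > "$dir/sshd_config_admin" <<'EOF'
Port 2222
ListenAddress 192.0.2.10
PidFile /var/run/sshd_admin.pid
# Key-only root login; OpenSSH before 7.0 spells this "without-password".
PermitRootLogin prohibit-password
AllowUsers root
EOF
}

# root_policy FILE
# Prints the global PermitRootLogin value of FILE. sshd uses the first
# value it reads for a keyword, so stop at the first hit; anything after
# a Match line is conditional and is not the global policy.
root_policy() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print $2; exit }' "$1"
}

# listen_scope FILE
# Prints the ListenAddress of FILE, or "any" when none is set (the sshd
# default is to listen on all local addresses).
listen_scope() {
    addr=$(awk 'tolower($1) == "listenaddress" { print $2; exit }' "$1")
    echo "${addr:-any}"
}

# Each instance is then started with its own file, for example:
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_users
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_admin
```

Checking each file with "sshd -t -f FILE" before starting the instance
catches syntax errors, and a firewall rule on port 2222 adds a second
layer on top of the ListenAddress restriction.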