Date: Thu, 29 Nov 2007 10:48:14 +0530 From: Girish Venkatachalam <girishvenkatachalam@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: Secure remote shell Message-ID: <20071129051814.GB23249@saraswathy.susmita.org> In-Reply-To: <200711290428.lAT4SOLd065598@banyan.cs.ait.ac.th> References: <200711290428.lAT4SOLd065598@banyan.cs.ait.ac.th>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11:28:24 Nov 29, Olivier Nicole wrote: > Hi, > > Part of (un)registerings users on my system consists in connecting to > various servers to add the user account to some services: > > Registering users is done wia a web page, and the web server will > remote execute a script on the mail server to add the users in the > aliases and run newaliases, remote execute a script to the radius > server to add the user in the radius tables and restart radius, etc. > > Of course all the remote execution should be done as root :( > No. Use sudo(8) And tighten it up. Giving remote users root access should never ever be done. Typically each user should run a suid script or something. > So far, one specific user from the web server can rsh -l root to the rsh? Are you living in a cave? :) ssh(8) was released several years ago. rsh is horribly insecure and broken whereas ssh(8) has an excellent security track record. -Girish
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071129051814.GB23249>