Re: multihost master.passwd sync

• Previous message: Eric Anderson: "Re: multihost master.passwd sync"
• In reply to: Andy Harrison: "Re: multihost master.passwd sync"
• Next in thread: Andy Harrison: "Re: multihost master.passwd sync"
• Reply: Andy Harrison: "Re: multihost master.passwd sync"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: FreeBSD Security <FreeBSD-Security@FreeBSD.org>
Date: Tue, 27 May 2003 12:38:27 -0700

On Tuesday 27 May 2003 12:31 pm, Andy Harrison wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> On 27-May-2003, Eric Anderson wrote message "Re: multihost master.passwd
> sync" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> >> Because we don't allow root login remotely, mandated from above.
> >
> > so you scp the file to a directory owned by a user designated to only do
> > this function.. then have a cron job that fires up every so often that
> > snags that file and updates the running master.passwd file..
>
> Root can't scp a file from one host to another where remote root login is
> not allowed.

That's not what Eric was suggesting. You use a non-root user account to do
the xfer. You then have a root owned cron job that puts the xfer'd file in
place.

Root never moves anything across the network.

Later on,

-- 
"Always listen to experts.  They'll tell you what can't be done, and why.  
Then do it."
- Robert A. Heinlein
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Eric Anderson: "Re: multihost master.passwd sync"
• In reply to: Andy Harrison: "Re: multihost master.passwd sync"
• Next in thread: Andy Harrison: "Re: multihost master.passwd sync"
• Reply: Andy Harrison: "Re: multihost master.passwd sync"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]