Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I have a cron job that needs to use the root password. I can enter the root password into the actual crontab entry but my concern is:
1- does cron use a file to store jobs?
2- if it does, is the crontab file encrypted or not?
If cron uses a file and it is encrypted then I feel comfortable having the root password stored in root's cron file (since you have to be root to access the cron file anyways).
However, if the crontab file is not encrypted then I don't feel comfortable storing the password in the crontab. If this is the situation, what are secure alternatives to utilizing the root password in automated jobs?
In most cases, each user on the system has access to their own crontab. If you su to root and do a crontab -e, this will be root's crontab file. Another solution is just placing the sh script (or whatever language) in the /etc/cron.hourly directory. You should not script any passwords in any script, nor should you have to. Each crontab is run as that user. I usually use the cron directories on Linux, but other Unix boxes don't usually have them. If you want to see the setup of the crontab file, do a: man -S 5 crontab
Another situation that I have is I want to do a master mysqldump of all of my tables. I already have a working script that will do it. However, that script requires the password to be typed into the actual command that is run. I know that the Linux root password is not the same as the MySQL password but the problem is the same. I don't want to have the password to a MySQL user, that has access to every table, written in a plain text file.
How about creating a mysql user that only has sufficient permissions to run mysqldump? That way if the password escaped into the wild, no real damage could occur.
This kind of thing should be avoided if possible. However, if you really must have this user have passwordless root privileges and you have to set it up in sudo:
#visudo
Code:
# Allow user to run certain programs as root
username ALL=(ALL) NOPASSWD: /usr/bin/program,/usr/sbin/program
or (avoid this if possible as it basically gives that user full root privileges)
Code:
# Allow user to run certain programs as root
username ALL=(ALL) NOPASSWD: ALL
Actually sudo may not be applicable to this particular problem. The users we are talking about are mysql users, which are not the same thing as system users and sudo doesn't work with mysql users.
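One way to combine the suggestions in this thread (a MySQL account limited to what mysqldump needs, and no password in the crontab or on the command line), as an added example that is not from any poster. The account name `backup`, the file paths and the function names are assumptions; `--defaults-extra-file` is the standard MySQL client option for reading credentials from a file.

```shell
#!/bin/sh
# Constructed example; account name, paths and function names are assumptions.
#
# One-time setup in the mysql client (privileges mysqldump needs for tables,
# views and triggers; newer servers also need PROCESS unless the dump is
# run with --no-tablespaces):
#   CREATE USER 'backup'@'localhost' IDENTIFIED BY '<password>';
#   GRANT SELECT, LOCK TABLES, SHOW VIEW, TRIGGER ON *.* TO 'backup'@'localhost';
#
# Option file, e.g. /root/.backup.cnf, created under "umask 077":
#   [client]
#   user=backup
#   password=<password>
#
# root's crontab then holds no secret at all:
#   0 2 * * * /usr/local/sbin/db-backup.sh --run

# Succeed only if $1 is a regular file (not a symlink), owned by the
# invoking user, with no permission bits set for group or others.
cred_file_is_private() {
    f=$1
    [ -f "$f" ] || return 1
    [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Dump all databases to $2 using credentials from option file $1.
# Refuses to run, and creates no output, if the option file is exposed.
run_dump() {
    cnf=$1
    out=$2
    if ! cred_file_is_private "$cnf"; then
        echo "refusing to run: $cnf is missing or not private" >&2
        return 1
    fi
    umask 077   # the dump holds every table, so keep it owner-only too
    # --defaults-extra-file must be the first option on the command line.
    mysqldump --defaults-extra-file="$cnf" --all-databases > "$out"
}

if [ "${1:-}" = "--run" ]; then
    run_dump /root/.backup.cnf "/var/backups/mysql-$(date +%F).sql"
fi
```

Because the password is read from the option file, it does not appear in `ps` output, shell history or cron mail the way a password typed into the command would.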