Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Setting up computers scattered over the globe, in LAN, WAN etc.
The need seems to be to have one super "root" (and a delegate or deputy) who has access to everything and local "root" (and a delegate as above) who has access to local machines etc.
This could get rather complex and I wonder if there is anybody who could have advices or advise good material to learn from. It seems the usual permissions wouldn't really solve this problem.
What I probably need is some broad ideas as I cannot visualize a solution easily. I know of the existence of ACL but I'm not sure if it's the answer or not.
Does everyone actually need full root access? You may wish to explore the use of "sudo". This allows you to grant access to users to run apps as root without actually giving them the root password. Another benefit is it logs everything so you can later see who did what if something goes wrong.
If you do need full root access a couple of ideas:
1) Create a "Security Server" to which only the global and his delegate have access. On this make everything secure and put an encrypted file (vim -x filename) that has the passwords for all systems. (We did this at one place I worked.)
2) Use a common root phrase that is modified based on location or machine name (insuring only the global and the delegate know this is the method). Give the root password to each local and delegate only for their location.
Example:
common component: Pap3r
local identifier: First letter of city, First letter of country.
Password for Syndney Australia would be sPap3ra.
Pasword for New York City USA would be nPap3ru.
Password for Rio De Janeiro Brazil would be rPap3rb.
Password for Nairobi Kenya would be nPap3rk.
Very easy to remember for everyone involved. It is possible you'd end up with duplicates but they wouldn't be everywhere so it would be happenstance for someone to get to the right one unless they knew the local identifier methodology - that's why you restrict the knowledge of the methodology to the global and his delegate. You can make it even less likely by choosing something less obvious but easy for you to remember.
Last edited by MensaWater; 05-25-2006 at 10:17 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
