• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

remote login as a super user.

 
zius oram
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello all,
my project requires to restrict the access of some files/devices for the client on his local machine. can i as a admin login as a super user on client's computer (ofcourse i know the root user/pasword) and change the access control list. or is there any other way to restrict him through my computer.
thak you.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use the Secure Shell (ssh) to login as a remote superuser, providing that the client computer has sshd active. In older times, people used telnet, but it was insecure, so remote login of the root user was prohibited by default. SSH traffic is encrypted, so it's not an issue.
 
zius oram
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thank you for your reply,
if SSHD is not active how can i activate it, and if permitted a remote root, can i investigate clients ACL (ie chacl).
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
zius oram wrote:if SSHD is not active how can i activate it, and if permitted a remote root, can i investigate clients ACL (ie chacl).

I don't think you can. And I'd be worried if you could.

allowing remove login as root is a huge security hole. As is allowing a remote user to start sshd.

Normally, is the responsibility of the sysadmin to set this up according to his/her needs.
 
zius oram
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
not remote sshd, actually i am devloping an application to assist sysadmins, i will change the settings on client machine myself, i have all root user/password on admins machine and from there onwards i want to restrict the client access to certain devices. can it be done?
 
Jan Cumps
Bartender
Posts: 2599
12
C++ Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you realy shure you want to develop an application that can be used remotely, and that executes commands on the server as root?
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This actually sounds more like setting up a policy. It' might be more appropriate to bundle those rules into a package and install that package as part of system maintenance. Not only does it limit the exposure to sensitive services, it's less prone to human error.

There are few things more annoying than being a remote admin who just locked himself out of the very system being administered.
 
zius oram
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jan Cumps wrote:Are you realy shure you want to develop an application that can be used remotely, and that executes commands on the server as root?


it is sitting on server and executing commands as a super user on client.
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm still not understanding it, but I sure don't like the security aspects of it. I don't want anyone running root on either my server or my desktops.
 
zius oram
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thank you for your reply, let me explain the situation.
i am devloping this application for a internet lab, here users are not root, i from my server want to grant access or restrict the use of resources (usb-restricts download, cd rom-no download, drive-dont play with vital data, printer-ask me first), and if there is any other way to do it please tell me, i deadly need to devlope it in time.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic