|
Message-ID: <20070404001636.GA20806@openwall.com> Date: Wed, 4 Apr 2007 04:16:36 +0400 From: Solar Designer <solar@...nwall.com> To: owl-users@...ts.openwall.com Subject: Re: Owl-based desktop environment Grigoriy, On Mon, Apr 02, 2007 at 02:42:05PM +0400, Grigoriy Strokin wrote: > On Mon, Apr 02, 2007 at 04:56:53AM +0400, Solar Designer wrote: > > Yes - Dmitry has already explained that you should be able to use most > > RPMs from RHEL4 and FC3, as well as some from FC4. > And what exactly is Owl-incompatible in FC4? The version of db4 in Owl 2.0 is close to that in RHEL4 and FC3, but not in FC4. However, it has since been updated, so db4 in Owl-current is actually close to FC4's. > Specifically, can I use xorg-x11-* from FC4 to get a relatively fresh > X.org? Yes, maybe - feel free to try and report back in here. > One of operations I'll need often is halt/reboot. How do I use > shutdown as grg without making /sbin/shutdown suid root? Man shutdown > says about /etc/shutdown.allow, but I think it assumes suid root anyway. The default /etc/inittab tells init to invoke /sbin/shutdown (with some options) on Ctrl-Alt-Del (when you're on a text console). This does not require you being logged in. > I meant that disabling the root password altogether might add more > security. It really doesn't help much, if the password would have been strong. > 1) Disable the password for root and add a ssh key to > ~root/.ssh/authorized_keys. > 2) Do not store this ssh key in ~grg/.ssh/, but create another > account grg2 and place the ssh key there. Therefore, grg can never > become root even if the account is compromised. > 3) Allow grg2 to login only from the physical console. > 4) Every time I need to become root, switch to another > console where grg2 is logged in, and run ssh root@0 there (and type > the passphrase). > > Does it make sense? It's not very different from only allowing root logins from the physical console. You seem to be adding complexity for no gain. -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail owl-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.