Date: Thu, 29 Nov 2007 10:48:14 +0530
From: Girish Venkatachalam
Reply-To: girishvenkatachalam@gmail.com
To: freebsd-questions@freebsd.org
Subject: Re: Secure remote shell
Message-ID: <20071129051814.GB23249@saraswathy.susmita.org>
In-Reply-To: <200711290428.lAT4SOLd065598@banyan.cs.ait.ac.th>

On 11:28:24 Nov 29, Olivier Nicole wrote:
> Hi,
>
> Part of (un)registering users on my system consists in connecting to
> various servers to add the user account to some services:
>
> Registering users is done via a web page, and the web server will
> remote execute a script on the mail server to add the users in the
> aliases and run newaliases, remote execute a script to the radius
> server to add the user in the radius tables and restart radius, etc.
>
> Of course all the remote execution should be done as root :(
>

No. Use sudo(8). And tighten it up.

Giving remote users root access should never ever be done. Typically each user
should run a suid script or something.

> So far, one specific user from the web server can rsh -l root to the

rsh? Are you living in a cave? :)

ssh(8) was released several years ago. rsh is horribly insecure and broken
whereas ssh(8) has an excellent security track record.

-Girish
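
One way to apply the advice in the reply above (ssh instead of rsh, and a tightened sudo rule instead of a root login), as an added example that is not part of the original thread. The account name `provision`, both script paths and the deny-list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Forced-command gate for a dedicated,
# unprivileged account on the mail server. Every name here is hypothetical:
# account "provision", this script's path, and /usr/local/sbin/alias-user.
#
# ~provision/.ssh/authorized_keys (the web server's key, one line):
#   restrict,command="/usr/local/libexec/provision-gate" ssh-ed25519 <public-key>
# sudoers (via visudo): only this one root-owned script, nothing else:
#   provision ALL=(root) NOPASSWD: /usr/local/sbin/alias-user
LC_ALL=C; export LC_ALL          # make a-z mean ASCII only

# Print "ACTION USER" and return 0 only for an exactly well-formed request.
parse_request() {
    req=$1
    action=${req%% *}            # text before the first space
    user=${req#* }               # text after the first space
    # Rejects a request with no separator; extra spaces land in $user and fail below.
    [ "$action $user" = "$req" ] || return 1
    case $action in
        add|del) ;;
        *) return 1 ;;
    esac
    # Lowercase login names only; any space, quote, ';', '$', '/', newline fails.
    case $user in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#user}" -le 16 ] || return 1
    # Constructed deny-list: never let the web tier repoint system aliases.
    case $user in
        root|daemon|operator|postmaster) return 1 ;;
    esac
    printf '%s %s\n' "$action" "$user"
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND; the key can
# run nothing but this script, so this is the only place the request is checked.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if args=$(parse_request "$SSH_ORIGINAL_COMMAND"); then
        logger -t provision-gate "accepted: $args"
        # $args is left unquoted on purpose: it is two validated words.
        exec sudo -n /usr/local/sbin/alias-user $args
    fi
    logger -t provision-gate "rejected request from ${SSH_CONNECTION%% *}"
    exit 1
fi
```

Because the sudoers rule places no limit on arguments, the root-owned script should repeat the same validation rather than trust the gate.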