On Fri, Jun 27, 2003 at 12:18:06PM -0400, James Tison wrote: > If you're LPAR'd and you're tcp wrappered, all you should need > to do is set hosts.allow & hosts.deny properly to only allow > YOUR client in (most PAMs won't permit telnet as root, but > nothing's stopping you from su'ing to root after you've telnet'd > in), effectively making you single-user.
In addition to the comment about sshd (you use ssh, not telnet, right?) There is one practical difference between logging-in as root and logging-in as a user: if you have /home on aseparate partition and that user's home dir is on that partition, you'll have open files on that partition as well. > You're going to need > to manually (or by runlevel script) shut down all the possible > fs users: sshd, httpd, etc until your backups are done. init 1 Alternatively, use runlevel 4 > Then > just do the inverse when you're done: unset hosts.* and bring > all the services back up. init 3 / init 2 > > Either this or train your operators to do it in runlevel 1. At > my site, the operators don't wanna know. Of course, I have > VM, so grabbing the console is no big deal; and nobody tells > me whether any backup method is appropriate or not. All I > have to do is come up with one that works (done). "replace them with a very small shell script"? That console is a really lousy terminal. So it may be worth the effort to write some scripts that will save you typing and piping. -- Tzafrir Cohen +---------------------------+ http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend| mailto:[EMAIL PROTECTED] +---------------------------+
