What's the difference between a normal user (jack) being able to passwordlessly pfexec a root-privileged tar command, vs. having remote root logins enabled?
If pfexec (or sudo or your root-gaining program of choice) requires a password, that will eat the beginning of stdin, and you won't have a valid tar to extract.

--Joe

________________________________
From: Bonghwan Kim [mailto:[email protected]]
Sent: Tuesday, December 09, 2008 12:00 PM
To: Moore, Joe
Cc: Ken Gunderson; Damian Wojslaw; [email protected]
Subject: Re: [sysadmin-discuss] How to allow root to access SSH remotely on opensolaris 11?

Moore,

this kind of trick is not working?

#ssh j...@server "pfexec tar cf - /etc/shadow" | tar xvf -

I didn't test it but think it should work.

Also, indeed, if you wanted the real root in opensolaris, you can setup the real "root" while install setup
Just give root to userid instead of giving a normal user.
After completing installation, you can login with the real 'root' user.
I just checked the role, root was changed into the real, 'root'
But, I am not sure if this is a sort of bugs.
It's however useful for user who has wanted to use the real root's power.

regards,
/bonghwan

Moore, Joe wrote:

Ken Gunderson wrote:

4) login as mortal user
5) "super user up"

Is there a way to transfer a root-only access file (consider fetching /etc/shadow for an offline password audit, or pushing a new /etc/motd up to the server)?

Currently, I use {,p}scp and am left with either targeting r...@theserver:/path or doing a multistep copy (ssh j...@theserver "getrootequiv cp thefile /tmp" ; scp j...@theserver:/tmp/thefile . # reverse the steps if uploading)

The former requires root to be a real user with root role/privs. The latter gives me a headache, and leaves a privileged file in /tmp.

I imagine I could switch to rsync over ssh (rsync -e ssh --path-to-rsync="sudo rsync" ./motd j...@theserver:/etc/motd) or something like that, but that seems like serious overkill. And if sudo or whatever is elevating privs requires a password, this breaks.

--Joe
_______________________________________________
sysadmin-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
