Differences
This shows you the differences between two versions of the page.
| docs:guide-user:security:secure.access [2023/09/15 11:05] – [Protecting pppd credentials] vgaetera | docs:guide-user:security:secure.access [2023/09/15 16:33] – [Elevating privileges with sudo] split vgaetera | ||
|---|---|---|---|
| Line 63: | Line 63: | ||
| If you require remote SSH access, follow the hardening instructions on SSH mentioned above. | If you require remote SSH access, follow the hardening instructions on SSH mentioned above. | ||
| - | ===== Creating an unprivileged user ===== | + | ===== Protecting |
| - | Create an unprivileged test user and set him a password. | + | When using PPP, protect its credentials from unprivileged users. |
| - | + | ||
| - | <code bash> | + | |
| - | # Install packages | + | |
| - | opkg update | + | |
| - | opkg install shadow-useradd | + | |
| - | + | ||
| - | # Create a user | + | |
| - | useradd -m -s /bin/ash test | + | |
| - | + | ||
| - | # Set user password | + | |
| - | passwd test | + | |
| - | </ | + | |
| - | + | ||
| - | Or add the user by hand using a unique UID and GID. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | # Edit configs | + | |
| - | vi / | + | |
| - | vi / | + | |
| - | vi / | + | |
| - | + | ||
| - | # Create home directory | + | |
| - | mkdir -p / | + | |
| - | + | ||
| - | # Set permissions | + | |
| - | chown test:test / | + | |
| - | + | ||
| - | # Set user password | + | |
| - | passwd test | + | |
| - | </ | + | |
| - | + | ||
| - | Check the resulting configs. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | # Check configs | + | |
| - | > grep -e test /etc/passwd /etc/group / | + | |
| - | / | + | |
| - | / | + | |
| - | / | + | |
| - | </ | + | |
| - | + | ||
| - | See also: | + | |
| - | [[man> | + | |
| - | [[man> | + | |
| - | + | ||
| - | ===== Elevating privileges with sudo ===== | + | |
| - | Create a privileged group and become its member. | + | |
| - | Grant root privileges to the group with sudo. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | # Install packages | + | |
| - | opkg update | + | |
| - | opkg install shadow-groupadd shadow-usermod sudo | + | |
| - | + | ||
| - | # Create sudo group | + | |
| - | groupadd -r sudo | + | |
| - | + | ||
| - | # Add user to group | + | |
| - | usermod -a -G sudo test | + | |
| - | + | ||
| - | # Configure sudoers | + | |
| - | cat << EOF > / | + | |
| - | %sudo ALL=(ALL) ALL | + | |
| - | EOF | + | |
| - | </ | + | |
| - | + | ||
| - | See also: | + | |
| - | [[man> | + | |
| - | [[man> | + | |
| - | [[man> | + | |
| - | [[man> | + | |
| - | + | ||
| - | ===== Protecting | + | |
| - | When using pppd, protect its credentials from unprivileged users. | + | |
| <code bash> | <code bash> | ||
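
Review bot: on the new side of this hunk the "Creating an unprivileged user" and "Elevating privileges with sudo" sections are dropped with no pointer left behind, although the retained sentence still reads "protect its credentials from unprivileged users". Since the edit summary marks this as a split, add a "See also" entry after the SSH paragraph linking to the page that now carries the user-creation and sudo steps, so the mention of unprivileged users stays actionable for a reader who has only this page. As a minor wording point, the intro sentence changes "When using pppd" to "When using PPP"; if the commands that follow act on the daemon's own files, naming pppd once in that sentence keeps the text and the code block easy to match.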