Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revisionBoth sides next revision
docs:guide-user:security:secure.access [2023/09/15 11:07] – [Protecting pppd credentials] vgaeteradocs:guide-user:security:secure.access [2023/09/15 16:33] – [Elevating privileges with sudo] split vgaetera
Line 62: Line 62:
  
 If you require remote SSH access, follow the hardening instructions on SSH mentioned above. If you require remote SSH access, follow the hardening instructions on SSH mentioned above.
- 
-===== Creating an unprivileged user ===== 
-Create an unprivileged test user and set him a password. 
- 
-<code bash> 
-# Install packages 
-opkg update 
-opkg install shadow-useradd 
- 
-# Create a user 
-useradd -m -s /bin/ash test 
- 
-# Set user password 
-passwd test 
-</code> 
- 
-Or add the user by hand using a unique UID and GID. 
- 
-<code bash> 
-# Edit configs 
-vi /etc/passwd 
-vi /etc/group 
-vi /etc/shadow 
- 
-# Create home directory 
-mkdir -p /home/test 
- 
-# Set permissions 
-chown test:test /home/test 
- 
-# Set user password 
-passwd test 
-</code> 
- 
-Check the resulting configs. 
- 
-<code bash> 
-# Check configs 
-> grep -e test /etc/passwd /etc/group /etc/shadow 
-/etc/passwd:test:x:1000:1000::/home/test:/bin/ash 
-/etc/group:test:!:1000: 
-/etc/shadow:test:$1$uPzGJ3jI$n7ld4E73SPsIx0QTXPMfu1:19615:0:99999:7::: 
-</code> 
- 
-See also: 
-[[man>useradd]], 
-[[man>passwd]] 
- 
-===== Elevating privileges with sudo ===== 
-Create a privileged group and become its member. 
-Grant root privileges to the group with sudo. 
- 
-<code bash> 
-# Install packages 
-opkg update 
-opkg install shadow-groupadd shadow-usermod sudo 
- 
-# Create sudo group 
-groupadd -r sudo 
- 
-# Add user to group 
-usermod -a -G sudo test 
- 
-# Configure sudoers 
-cat << EOF > /etc/sudoers.d/00-custom 
-%sudo ALL=(ALL) ALL 
-EOF 
-</code> 
- 
-See also: 
-[[man>groupadd]], 
-[[man>usermod]], 
-[[man>sudo]], 
-[[man>visudo]] 
  
 ===== Protecting PPP credentials ===== ===== Protecting PPP credentials =====
  • Last modified: 2023/09/15 17:59
  • by vgaetera