Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revisionBoth sides next revision | ||
| docs:guide-user:security:secure.access [2023/09/15 11:07] – [Protecting pppd credentials] vgaetera | docs:guide-user:security:secure.access [2023/09/15 16:33] – [Elevating privileges with sudo] split vgaetera | ||
|---|---|---|---|
| Line 62: | Line 62: | ||
| If you require remote SSH access, follow the hardening instructions on SSH mentioned above. | If you require remote SSH access, follow the hardening instructions on SSH mentioned above. | ||
| - | |||
| - | ===== Creating an unprivileged user ===== | ||
| - | Create an unprivileged test user and set him a password. | ||
| - | |||
| - | <code bash> | ||
| - | # Install packages | ||
| - | opkg update | ||
| - | opkg install shadow-useradd | ||
| - | |||
| - | # Create a user | ||
| - | useradd -m -s /bin/ash test | ||
| - | |||
| - | # Set user password | ||
| - | passwd test | ||
| - | </ | ||
| - | |||
| - | Or add the user by hand using a unique UID and GID. | ||
| - | |||
| - | <code bash> | ||
| - | # Edit configs | ||
| - | vi /etc/passwd | ||
| - | vi /etc/group | ||
| - | vi /etc/shadow | ||
| - | |||
| - | # Create home directory | ||
| - | mkdir -p /home/test | ||
| - | |||
| - | # Set permissions | ||
| - | chown test:test /home/test | ||
| - | |||
| - | # Set user password | ||
| - | passwd test | ||
| - | </ | ||
| - | |||
| - | Check the resulting configs. | ||
| - | |||
| - | <code bash> | ||
| - | # Check configs | ||
| - | > grep -e test /etc/passwd /etc/group /etc/shadow | ||
| - | / | ||
| - | / | ||
| - | / | ||
| - | </ | ||
| - | |||
| - | See also: | ||
| - | [[man> | ||
| - | [[man> | ||
| - | |||
| - | ===== Elevating privileges with sudo ===== | ||
| - | Create a privileged group and become its member. | ||
| - | Grant root privileges to the group with sudo. | ||
| - | |||
| - | <code bash> | ||
| - | # Install packages | ||
| - | opkg update | ||
| - | opkg install shadow-groupadd shadow-usermod sudo | ||
| - | |||
| - | # Create sudo group | ||
| - | groupadd -r sudo | ||
| - | |||
| - | # Add user to group | ||
| - | usermod -a -G sudo test | ||
| - | |||
| - | # Configure sudoers | ||
| - | cat << EOF > / | ||
| - | %sudo ALL=(ALL) ALL | ||
| - | EOF | ||
| - | </ | ||
| - | |||
| - | See also: | ||
| - | [[man> | ||
| - | [[man> | ||
| - | [[man> | ||
| - | [[man> | ||
| ===== Protecting PPP credentials ===== | ===== Protecting PPP credentials ===== | ||