Subject: Re: standard operating procedure for doing backups as 'operator'
To: Jim Breton <jamesb-netbsd@alongtheway.com>
From: Ian P.Thomas <ipthomas_77@yahoo.com>
List: netbsd-users
Date: 01/16/2002 00:23:23
On Tuesday, January 15, 2002, at 08:58 PM, Jim Breton wrote:
> Hey folks.. I'm getting off my butt and have started doing some backups.
> I understand that the 'operator' user is intended to be used for this
> purpose, doing dumps and so forth.
>
> How do people normally use this account (with ssh) to perform this?
>
> On one pair of machines I've given operator a shell of /bin/sh, left his
> home dir as /, and created /.ssh/ and /.ssh/authorized_keys. That
> works, but is there some cleaner and/or safer way that I'm missing?
> Maybe one that doesn't require giving that account a valid shell?
> (While still using ssh of course.) I would like to make it as
> restrictive as possible while still being able to get the job done.
>
> Just looking for advice. Thanks.
>
You could set up your sudoers file to allow your user to run backup
commands as root. You can even have it not ask for a password, which is
convenient if you have scripts set up to do it. If you want to automate
it, you can setup a cron job. This eliminates the need for another
user, operator. You could make it restrictive so that your normal user
could only run backup commands as root and nothing else.
Ian P. Thomas
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com