Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

5. Reducing Exposure to Threats by Limit... > Controlling Root Access - Pg. 121

Unix and Linux Security · · 121 · · Interactive session is the replacement for Telnet and rlogin. Using the ssh(1) command line, the sshd daemon creates a new shell and transfers control to the user. In a remotely executed script/command, ssh(1) allows a single command with arguments to pass. This way, a single remote command (such as a backup script) can be executed on the remote system as long as this command is in the default path for the user. An SSH-enabled file transfer program can be used to replace the standard FTP or FTP over SSL protocol. Finally, the SSH protocol is able to tunnel arbitrary protocols. This means that any client can use the privacy and integrity protection offered by SSH. In particular, the X-Window system protocol can tunnel through an existing SSH connection by using the -X command-line switch. 5. Reducing Exposure to Threats by Limiting Superuser Privileges The superuser has almost unlimited power on a Unix system, which can be a significant problem. Controlling Root Access There are a number of ways to limit access for the root user.