
A cautionary tale about locking Linux & FreeBSD user accounts




Like every other solo developer and sysadmin, I do stuff using ssh. Some of it is automated with scripts, and some of it requires an ssh login. For example, one of my scripts logs into my Linux and FreeBSD servers using public ssh keys and does a particular type of work for me. I have a dedicated user account for that purpose called autovivek on a Raspberry Pi 4 for Ansible and custom script automation. Here is how it works:
{rpi4:~}$ ssh autovivek@192.168.2.17 /path/to/task1
In other cases, it sends scripts and then executes them on the remote server at 192.168.2.17. Sounds good, right? So, when I need to make backups or run other tasks, I lock the autovivek user account on the server so that it cannot modify data on disk. For example, here is how to lock a user account:
{linux-server:~}$ sudo usermod -L -e 1 autovivek
## OR ##
{freebsd-server:~}$ sudo pw lock -n autovivek


However, I soon discovered that the autovivek user can still log into the server and make changes despite being locked on both the Linux and FreeBSD servers.
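What the Linux command above records in the account database, as an added example that is not from the original post: the function `lock_state` (a hypothetical helper) reads one shadow(5) line and reports whether the password field is locked and whether the expiry date set by `-e 1` has passed. The sample lines and hashes are constructed placeholders. It reports only the stored lock state and does not test whether a login is actually refused.

```shell
#!/bin/sh
# Added example: inspect the lock state stored in a Linux shadow(5) entry.
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample entries (hash values are placeholders, not real hashes).
# SAMPLE_LOCKED is the shape left behind by "usermod -L -e 1 autovivek".
SAMPLE_LOCKED='autovivek:!$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19800:0:99999:7::1:'
SAMPLE_OPEN='autovivek:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19800:0:99999:7:::'

# lock_state LINE [TODAY_IN_DAYS_SINCE_EPOCH]
# Prints: password=<locked|empty|usable> expiry=<unset|expired|active>
lock_state() {
    line=$1
    today=$2
    # Default to the current day number since 1970-01-01.
    [ -n "$today" ] || today=$(( $(date +%s) / 86400 ))

    pw=$(printf '%s\n' "$line" | cut -d: -f2)
    exp=$(printf '%s\n' "$line" | cut -d: -f8)

    # usermod -L prefixes the hash with '!'; a leading '!' or '*'
    # means no typed password can ever match this field.
    case $pw in
        '!'*|'*'*) pw_state=locked ;;
        '')        pw_state=empty ;;
        *)         pw_state=usable ;;
    esac

    # usermod -e 1 stores day 1 (1970-01-02) in the expire field.
    if [ -z "$exp" ]; then
        exp_state=unset
    elif [ "$today" -ge "$exp" ]; then
        exp_state=expired
    else
        exp_state=active
    fi

    printf 'password=%s expiry=%s\n' "$pw_state" "$exp_state"
}

# Live use on a Linux server (needs root to read the shadow database):
#   lock_state "$(sudo getent shadow autovivek)"
```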


The post A cautionary tale about locking Linux & FreeBSD user accounts appeared first on nixCraft.




