9 Matching Annotations
  1. Dec 2019
    1. do not run the installer directly as/from the 'root' account! Always use the sudo command from a non-privileged user account. This is due to variables that are different between root's environment and a user's that aren't affected by an EUID change, as well as code checks in the install itself.
    1. When you do sudo you are running commands as root, another user in another shell and hence all of the setup that RVM has done for you is ignored while the command runs under sudo (such things as GEM_HOME, etc...). So to reiterate, as soon as you 'sudo' you are running as the root system user which will clear out your environment as well as any files it creates are not able to be modified by your user and will result in strange things happening
    1. NOPASSWD doesn't have a major impact on security. Its most obvious effect is to provide protection when the user left his workstation unattended
    1. rsync -chavzP --rsync-path="sudo rsync"
    2. Make sure that the option tty_tickets is disabled for the user you are using

      what does this option do?

    3. sudo, especially combined with NOPASSWD as recommended in the comments, has no security benefits over just using the root account.

      Well, there is at least one security benefit: security through obscurity. Every hacker will try to ssh root@host. But they may not think to attempt rsyncuser@host.

      (Same argument used for using non-standard port instead port 22)

    4. Now using sudo to work around the root account is not only pointless, it's also dangerous: at first glance rsyncuser looks like an ordinary unprivileged account. But as I've already explained, it would be very easy for an attacker to gain full root access if he had already gained rsyncuser access. So essentially, you now have an additional root account that doesn't look like a root account at all, which is not a good thing.
    5. No, clumsily working around the root account in situations where it is absolutely appropriate to use it is not for good reasons. This is just another form of cargo cult programming - you don't really understand the concept behind sudo vs root, you just blindly apply the belief "root is bad, sudo is good" because you've read that somewhere.
  2. May 2019