Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

ArubaCloud: I locked my self out but don't know why?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

ArubaCloud: I locked my self out but don't know why?

sandrosandro Member
in Help

Hello,
I was using my non root user to change permissions for www folders and the only thing that I've done is add this user to www-data group so that it could edit those files. After that file writing permissions stopped working and when I tried to login again my user password wasn't valid anymore. Does SSH have some kind of protection or I've done something else I can't remember?

I disabled root access so I tried to access via the recovery console which worked but coudln't remember the root password, of course. I tried to search the panel to reset the root password but I found only this http://kb.arubacloud.com/en/computing/access-to-cloud-servers/resetting-the-access-password-on-a-cloud-server-with-a-debian-or-ubuntu-operating-system.aspx which I honestly didn't understand. I raised a ticket to ask the support the reset it for me, is it possible with vmware? I'm used with OpenVZ and SolusVM where I reset the password from there directly.

Also what is the point of disabling root access if another user (sudoer) once in can type "sudo -i" ?

Thanks

Comments

  • msg7086msg7086 Member

    @sandro said:
    Also what is the point of disabling root access if another user (sudoer) once in can type "sudo -i" ?

    Thanks

    With root account enabled you only need to guess out the password of it. With sudo you'll have to guess the sudoer's name and password at the same time.

  • JustAMacUserJustAMacUser Member

    @sandro said:

    Also what is the point of disabling root access if another user (sudoer) once in can type "sudo -i" ?

    Security is done is layers. By limiting root privileges to one or more specific users you're creating another barrier. Plus keep in mind that sudo is not all or nothing--though many do that. You can:

    1. Only allow certain commands.
    2. Only allow certain commands with or without passwords (i.e. when you sudo ls you can optionally not require a password for that command).
    3. Only allow certain IP addresses.
    4. A mixture of the above.

    So there's a lot that can be done.

    Plus, dare I say, even if you are the admin, it's best to do as much work as you can using user-level privileges... Keeping the use of sudo limited to only the specific commands that require it (e.g. sudo vim nginx.conf). This helps you, as the admin, not break things when you're not paying attention, too tired, etc.

    Thanked by 1sandro
  • exception0x876exception0x876 Member, Host Rep, LIR

    @JustAMacUser said:
    sudo vim nginx.conf

    while limiting sudo to only specific commands may be useful sometimes, it might be not a good idea. For example try running this command in vim

    :! bash
Sign In or Register to comment.