Oisteink @ Oisteink @feddit.nl

Posts

0

Comments

502

Joined

2 yr. ago

Right - so console/tty login is restricted by pam and its settings. So disabling ssh root logins means you can still log in as root there.

To lock root you can use passwd -l

If locking root I would keep root shell so i could sudo to root.

So my normal setup would be to create my admin user with sudo rights, set «PasswordAuthentication no» in sshd config and lock root with «sudo passwd -l root» Remember to add a pubkey to admin users authorizedkeys, and give it a secure but typable password

My root is now only available through sudo, and i can use password on console. Instead of locking root you can give it secure typable password. This way root can log in from console so you dont need sudo for root access from console.

It boils down to what you like and what risks you take compared to usable system. You can always recover a locked root account if you have access to single-user-mode or a live cd . Disk encryption makes livecd a difficult option.

Just turn off password logins from anything but console. For all users. No matter where it runs.

It becomes second to nature pretty fast, but you should have a system for storing / rotating keys.

But didnt they already have access? Its a bit hard to figure out whats happening from over the pond

Without a 3rd they can get confused if they loose contact but both nodes are up. Like both are in charge as one vote is enough

That doesn’t make it better though. App data should be under app data, either roaming or local depending on use.

So 3+ hosts for clustering or 2 hosts and an qdevice to fake it

I can pay off about 1hrs per day. So any sleep over 9 hrs males no difference, but 9 helps me recover faster than the normal 8

W/e

So its about race and not system?

My reply was about what prisons are. I was not replying to OP

Norway has one of the lowest recidivism rates in the world, around 20% within five years of release.

With a few exceptions of life sentences, this is not how prisons works. We have prisons to separate the bad apples for a while, and we use that time to rehabilitate the apples. Its not a perfect solution bit it works better than without prison.

Edit to clarify that this is about prison

Nobody will ever need more than 640kb anyways

Go ahead and do just that. You can’t touch him and if you try you will be marked. He will have a pardon if needed. Even if you physically removed him from the earth trump will put another in his place.

But go ahead and spend your time and energy on him. I predict it will be futile

I wish you guys good luck - i hope you have smarter people than you, as you are swallowing his bait

Great comparison

No - i was lucky and wasn’t born in the land of the free. You guys keep on attacking the scape goat. Good for you, het him out and prepare for the next one. Its like gamification - bread and circus.

Its about removing the root cause, not extinguishing the fire. It will just break out again

This is not a truenas issue - its a docker thing. You’d do better by making your own docker-file and do your customisation the docker way.

Yet he’s there, and someone gave him that power, yet you’re mad at musk. So easily fooled. Focus on the reason he’s there, not what he dies