Security: Difference between revisions
From SprezzOSWiki
Revision as of 17:33, 27 March 2013
The fewer security mechanisms, the cleaner the design. We believe the majority of useful security automations (outside of a Mandatory Access Control environment) are best achieved via a combination of IPTables, POSIX file-based capabilities, seccomp and virtualization. As a result, several technologies have been deprecated in SprezzOS, as it is felt they served only to complicate the security landscape.
Removed Technologies
- Kerberos
- SELinux
- TCPWrappers
Root account
By default, the root account cannot directly log in. This can be changed post-install with sudo passwd, but is discouraged.
Sudo
The user created during SprezzOS installation will be added to the sudo group, which requires no password by default:
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
To add an arbitrary user U to the sudo group, run
sudo usermod -G sudo -a U
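Because membership in the sudo group grants root without a password prompt under the default rule above, it is worth checking who holds it. The following audit script is an added example, not part of SprezzOS or this wiki; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: list accounts that hold any passwordless (NOPASSWD) sudo rule.
# Works on sudoers-format and group-format files passed as arguments. It does not
# follow include directives and does not see users whose primary GID is the group.

# Print each principal (user or %group) that appears on a NOPASSWD rule.
nopasswd_principals() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }      # comments and blank lines
        $1 ~ /^Defaults/     { next }      # settings, not grants
        /NOPASSWD[ \t]*:/    { print $1 }
    ' "$1" | LC_ALL=C sort -u
}

# Expand %group principals to their members using a group-format file.
passwordless_users() {
    nopasswd_principals "$1" | while read -r p; do
        case "$p" in
            %*) awk -F: -v g="${p#%}" \
                    '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2" ;;
            *)  printf '%s\n' "$p" ;;
        esac
    done | LC_ALL=C sort -u
}

# Constructed sample data (not taken from a real system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/sudoers" <<'EOF'
# constructed sudoers sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) NOPASSWD:ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
%admin  ALL=(ALL) ALL
EOF
cat > "$sample_dir/group" <<'EOF'
sudo:x:27:alice,bob
admin:x:110:carol
users:x:100:
EOF
passwordless_users "$sample_dir/sudoers" "$sample_dir/group"
```

On a live system, run the function as root against /etc/sudoers and /etc/group, and repeat it for any files under /etc/sudoers.d.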
