Difference between revisions of "Root access"

From securityrouter.org, an OpenBSD-based firewall
m (Security implications)
 
(14 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
 
== Security implications ==
 
== Security implications ==
Because of the inherit problems of local (shell) access, normal H/OS users are only allowed to interact with H/OS via the SOAP API. Even when logged in using ''secure shell'' (SSH), users are only allowed to run the <tt>cli</tt> command, which in itself run other commands via the SOAP API.
+
Because of the inherit problems of local (shell) access, normal [[users]] are only allowed to interact with system via the [[SOAP]] API. Even when logged in using ''secure shell'' (SSH), users are only allowed to run the <tt>[[CLI]]</tt> command, which in itself run other commands via the [[SOAP]] API. '''In this way, the risks of normal users compromising system integrity is minimized.''' In other words, with root access disabled, the operating system image should be unmodified, and the system should perform identical to what is instructed by the [[configuration file]].  
 
 
'''In this way, the risks of normal users compromising system integrity is minimized.''' In other words, the H/OS operating system image should be unmodified, and the system should perform identical to what is instructed by the configuration file.  
 
  
 
=== The root user ===
 
=== The root user ===
The '''root''' user is UNIX's default super user, with user ID number 0. Throughout the system, it has full privileges to do everything. Only the user with username '''admin''' is allowed to activate root access. Thus, users that are not trusted with root access, should not be given access to the admin user. Further, the passwords of the admin and root users should be very long, in order to minimize the risk of other users cracking the hashed, salted passwords.
+
The root user is UNIX's default super user, with user ID number 0. Throughout the system, it has full privileges to do everything. Only the user with username "admin" is allowed to activate root access. Thus, users that are not trusted with root access, should not be given access to the admin user. Further, the passwords of the admin and root users should be very long, in order to minimize the risk of other users cracking the hashed, salted passwords.
 
 
  
 
== Enable root access ==
 
== Enable root access ==
To enable root access, set the root user's password by running the CLI command (as user '''admin''')
+
To enable root access, set the root user's password by running the [[configure]] command (as user '''admin''')
  set system { authentication { root-password "secret-and-difficult-password''
+
  admin@fw1.halon.se> configure
 +
admin@fw1.halon.se# set system { authentication { root-password "secret-and-difficult-password"
 +
admin@fw1.halon.se# commit
 +
and then logout, and log in again with the username "root".
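
Review bot: The rewritten "Enable root access" steps (configure, set ... root-password, commit, then log in as "root") document only how to turn root access on, while the revised "Security implications" paragraph ties the integrity guarantee to "with root access disabled". Add the matching step for disabling root access again, and state that after root has been used the operating system image can no longer be assumed to be unmodified. The revised paragraph also still carries "inherit problems" (for "inherent") and "which in itself run", which are worth fixing in the same edit.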

Latest revision as of 18:18, 11 April 2014

The only way to directly execute UNIX commands, from a shell such as sh, is to enable login of the root user.

Security implications

Because of the inherent problems of local (shell) access, normal users are only allowed to interact with the system via the SOAP API. Even when logged in using secure shell (SSH), users are only allowed to run the CLI command, which itself runs other commands via the SOAP API. In this way, the risk of normal users compromising system integrity is minimized. In other words, with root access disabled, the operating system image should be unmodified, and the system should behave exactly as instructed by the configuration file.

The root user

The root user is UNIX's default superuser, with user ID number 0. It has full privileges throughout the system. Only the user with username "admin" is allowed to activate root access. Thus, users who are not trusted with root access should not be given access to the admin user. Further, the passwords of the admin and root users should be very long, in order to minimize the risk of other users cracking the hashed, salted passwords.

Enable root access

To enable root access, set the root user's password by running the configure command (as user admin):

admin@fw1.halon.se> configure
admin@fw1.halon.se# set system { authentication { root-password "secret-and-difficult-password"
admin@fw1.halon.se# commit

and then log out, and log in again with the username "root".