Root Access
If requested we also provide administrative (
root) access to a Linux installation
if the ITC agrees.
Methods
Three methods are possible for granting root access.
sudo
You can run
sudo /bin/bash in a terminal and will get a root shell. This is the recommended way for workstations.
If you need only very restricted administrative rights we recommend to use
sudo and specify exactly what you need to do, such as:
- restarting services
- rebooting or powering off the system
- killing processes
- manage user data ownership
Public Key Login via ssh
You provide us with your
ssh public key which we add to the
.ssh/authorized_keys file or the
root account. You then run
ssh -l root {host name of the computer} to log in as root.
This is the recommended way for servers that are maintained by a group.
Password for root Account
You have the password for the
root account and share it with as few people as needed.
This method is only meaningful for servers that are permanently handed over from
isginf to you.
Don'ts
There are a few things you should not do in order to keep you system running:
- Do not replace installed packages or system libraries with stuff that you compiled yourself or for which you downloaded and
RPM file over the internet. Doing so will almost certainly break the update functionality.
- Do not tweak system configuration files. Your system is managed and some configuration files are automatically reset every hour.
- Do not intentionally weaken the system security by creating password-less accounts, making files world-writable, disabling SELinux, turning off logging, etc.
Limited Warranty
If the system breaks because of modifications you did as
root,
isginf will only spend a moderate effort to fix it. After that we will simply re-install the system.
Security Implications
root you can access all files on any mounted share. All other users of the server should be made aware of that you can now see all files. It is up to the
ITC to ensure that this is done.
