[scponly] scponly for root user

wbr oblyr joe at sublimation.org
Fri Sep 16 11:59:23 EDT 2011


Hi Sam,

The short answer to your question is "maybe, but you probably should not".

Bear in mind that if you do not permit root login, then root will be
unable to log in. It sounds silly, but it's worth explaining: even when
using scponly, a login process is required before that user's shell is
launched.  So I don't think the "disallow root login" protection can be
enabled for a user you're trying to use.  I think this is what you are
seeing in your logs.

Secondly, I don't think you want the root user to have a
non-interactive shell.  Truthfully, I don't know what the implications
of this would be exactly, but being able to log in as root for
administrative functions is important.  (I don't think using sudo from
another account is a sufficient replacement in all cases.)

I think it might make more sense to consider WHY you want a remote
user to be able to write and read root-owned and protected files.  If
you can alter your permissions on whichever file hierarchy this is -
you will be better off.

joe

On Thu, Sep 15, 2011 at 5:58 AM, Sam Chin <smch1 at hotmail.com> wrote:
> Can I use scponly for root user? I do NOT permit root remotely login but
> would like root to be able to scp/sftp. I have installed scponly and changed
> the root shell to scponly shell. A super user with root privileges login
> into the system was not able to sudo to root.
>
> And when I changed root shell to normal bash shell, I got this error message
> when using root to scponly
>
> [root at xxxxxx ~]# scponly book root at xxxxxxx:~
> scponly[31514]: 3 arguments in total.
> scponly[31514]: arg 0 is scponly
> scponly[31514]: arg 1 is book
> scponly[31514]: arg 2 is root at xxxxxxx:~
> scponly[31514]: opened log at LOG_AUTHPRIV, opts 0x00000029
> scponly[31514]: root login denied [username: (0), IP/port: no ip?!]
>