# Automatic administration requiring root privileges



## mefizto (Apr 10, 2014)

Greetings all,

Many resources advise disabling remote login as root, advocating logging in as a user and then issuing `su`, for security reasons.

I am wondering how automated administration requiring root privileges is handled. For example, automatic back-up of a plurality of personal computers?

Kindest regards,

M


----------



## SirDice (Apr 10, 2014)

mefizto said:

> I am wondering how automated administration requiring root privileges is handled. For example, automatic back-up of a plurality of personal computers?


Most use security/sudo combined with public/private key authentication.


----------



## J65nko (Apr 11, 2014)

A non-root user that is a member of the group operator can create a backup with dump(8).
Why?
Because the device nodes for the disk are created with read privilege for the operator group:

```
$ ls -l /dev | grep operator

crw-r-----  1 root  operator    0,  88 Feb  4 21:06 ada0
crw-r-----  1 root  operator    0,  90 Feb  4 21:06 ada1
crw-r-----  1 root  operator    0, 115 Apr  7 16:01 ada1s1
crw-r-----  1 root  operator    0, 121 Apr  7 16:01 ada1s1a
crw-r-----  1 root  operator    0, 123 Apr  7 16:01 ada1s1b
crw-r-----  1 root  operator    0, 125 Apr  7 16:01 ada1s1d
crw-r-----  1 root  operator    0, 117 Apr  7 16:01 ada1s2
crw-r-----  1 root  operator    0, 127 Apr  7 16:01 ada1s2a
crw-r-----  1 root  operator    0, 129 Apr  7 16:01 ada1s2b
crw-r-----  1 root  operator    0, 131 Apr  7 16:01 ada1s2d
crw-r-----  1 root  operator    0, 133 Apr  7 16:01 ada1s2e
crw-r-----  1 root  operator    0, 135 Apr  7 16:01 ada1s2f
crw-r-----  1 root  operator    0, 119 Apr  7 16:01 ada1s3
crw-r-----  1 root  operator    0,   3 Feb  4 21:06 geom.ctl
crw-------  1 root  operator    0,  86 Feb  4 21:06 pass0
crw-------  1 root  operator    0,  87 Feb  4 21:06 pass1
crw-r--r--  1 root  operator    0,  63 Feb  4 21:06 usbctl
crw-------  1 root  operator    0,  64 Feb  4 21:06 xpt0
```


----------



## mefizto (Apr 12, 2014)

Gentlemen,

thank you for the replies.

SirDice,

if I understand you correctly, the script logs in a user using public/private key and then uses `sudo`, which is limited to only certain tasks.  Can you please confirm?

J65nko,

agreed, but my hypothetical was just an example.

Kindest regards,

M


----------



## SirDice (Apr 14, 2014)

mefizto said:

> if I understand you correctly, the script logs in a user using public/private key and then uses `sudo`, which is limited to only certain tasks.  Can you please confirm?


Yes, that's the idea.


----------
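The arrangement confirmed above (key-based login as an unprivileged user, with `sudo` limited to specific tasks), as an added example that is not part of the thread. The account name `backup`, the gate script path, the task names and the `dump` command lines are all hypothetical, and the public key is a placeholder.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed (hypothetical) names: account
# "backup", script path /usr/local/libexec/backup-gate, tasks listed below.
#
# ~backup/.ssh/authorized_keys on each client (one line, key is a placeholder):
#   restrict,command="/usr/local/libexec/backup-gate" ssh-ed25519 <PUBLIC-KEY> backup@server
#
# /usr/local/etc/sudoers.d/backup (edit with: visudo -f <file>):
#   backup ALL=(root) NOPASSWD: /sbin/dump -0uaf - /home, /sbin/dump -0uaf - /var
#
# sshd runs this script for every login with that key and places whatever the
# client asked to run in SSH_ORIGINAL_COMMAND. The gate treats that string as
# a lookup key only and never passes it to a shell.

# Print the fixed command line for a task name; return 1 for anything else.
resolve_task() {
    case "$1" in
        dump-home) echo "/sbin/dump -0uaf - /home" ;;
        dump-var)  echo "/sbin/dump -0uaf - /var" ;;
        *)         return 1 ;;
    esac
}

gate() {
    cmd=$(resolve_task "$1") || {
        # Record the refusal so unexpected requests show up in syslog
        logger -t backup-gate -- "denied request: $1" 2>/dev/null || true
        echo "backup-gate: request not permitted" >&2
        return 1
    }
    # -n: never prompt, so an unattended job fails instead of hanging.
    # Word splitting of $cmd is intended; its value comes from the table above
    # and matches the sudoers entries exactly.
    sudo -n $cmd
}

# Act only when the client requested a command; a plain interactive login
# leaves the variable unset and the script simply exits.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    gate "$SSH_ORIGINAL_COMMAND"
fi
```

The backup server would then run, for example, `ssh backup@client dump-home > client-home.dump`; any other request with that key is refused before `sudo` is reached.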

