From: Ben S. <pow...@16...> - 2014-08-03 00:07:59
|
Erik, Thanks for your suggestion. Actually my board will reboot and recover to its original sdcard image each 2-3 days automatically, so any potential security threats might not be a problem. The real problem is I have to start the auto build script in /etc/init.d/rc.local (or other rc* ?). Since there is no user logging in, the ~ is treated as / rather than /root, and all works are done under /. Well I still worry that, for my board's quick recovery. But my concern is can the way copying .ssh/ from /root to / or creating a symbolic link to /root/.ssh in/ work? Do you have more suggestions? -- 发自我的网易邮箱手机智能版 在 2014-08-02 16:00:54,"Erik Petrich" <epe...@iv...> 写道: > > >On Fri, 1 Aug 2014, Ben Shi wrote: > >> Hi, Erik, >> >> Thanks for you reply. >> >> Can I generate the key files as sdcc_builder then copy them to /root/.ssh ? >> >> Since I have to login as root to run other tasks. >> >> Or are there other ways to walk around that? > >The files need to be in the .ssh directory under the home directory of >whatever user account is running the build script. If the build script is >being run by root, then /root/.ssh is correct and running ssh-keygen from >the root account (as you have already done) is the easiest way to >accomplish this. > >However, running general software development tasks as root is generally >not a good idea. In particular, the build script downloads and execuates >additional scripts and makefiles from our Sourceforge subversion >repository. If this is compomised in some way, then running the build >script as root would allow your computer to be fully compromised as well, >rather than limiting damage to solely the sdcc-builder account. > >There can be problems running as root, even without malice. For example, >suppose we introduce a bug that causes large amounts of memory to be >allocated such that there is insufficient physical memory and so the swap >partition space is used. This can slow the system down, possibly to the >point that it is not usable. For non-root accounts there is usually a >default limit to the amount of memory a process is allowed, but root is >limited only be what is possible (in the case of Linux, it may even >fatally terminate other processes to get more memory in extreme >situations). > > Erik > > >------------------------------------------------------------------------------ >Want fast and easy access to all the code in your enterprise? Index and >search up to 200,000 lines of code with a free copy of Black Duck >Code Sight - the same software that powers the world's largest code >search on Ohloh, the Black Duck Open Hub! Try it now. >http://p.sf.net/sfu/bds >_______________________________________________ >sdcc-devel mailing list >sdc...@li... >https://lists.sourceforge.net/lists/listinfo/sdcc-devel |