Why disable ssh login with root on a server if I only log in with keys, not password?

@Sandal6823@sh.itjust.works · edit-2 10d

WheelchairArtist · 10d

that’s why root owns my .bash* stuff

SavvyWolf · 10d

I don’t think that actually works; the attacker could just remove .bashrc and create a new file with the same name.

@2ndSkin@sh.itjust.works · 9d

If the .bashrc is immutable, the attacker can’t remove it.
That’s how it works.

SavvyWolf · 9d

The home directory would need to be immutable, not bashrc.

@2ndSkin@sh.itjust.works · edit-2 9d

?

It’s .bashrc, not bashrc, and .bashrc is in the home directory.
If .bashrc is immutable, it can’t be removed from home.

SavvyWolf · 8d

It’s the directory that needs to be writable to delete files, not the file itself.

Although the immutable bit (if that’s what you’re talking about - I thought you meant unsetting the write bit) might change that, I’m not sure.

WheelchairArtist · 9d

you’re right. that’s something i wanted to look into. guess setfacl would do the trick?

Magiilaro · 9d

“chattr +i” is what I use to make things immutable

WheelchairArtist · 9d

thanks

Magiilaro · 9d

deleted by creator