Allow root folder change - ASAP

This is really strange. Why are so many websites then writing that you can do that?

http://www.webhostgear.com/24.html
http://forums.fedoraforum.org/archive/index.php/t-47795.html
http://www.wbglinks.net/pages/openbsd/tipstricks.html
http://www.linuxquestions.org/questions/history/369867

I think this is just an issue with semantics. While the couple links you posted called it “direct root login”, all four sites detail how to prevent logging in as root via SSH by editing the /etc/ssh/sshd_config file, and make no mention of using usermod. They call it “direct root login”, I call it “SSH root login”. :rolleyes:

When I think disabling “direct root login”, I think disabling the root account entirely, which is what you did via usermod.

It's really pretty simple stuff, but like Socheat said the semantics can make it confusing.

If you disable REMOTE root login that is disabling root from SSH’n (port 22) directly. All this does is keep script kiddies from gaining root access by doing a bunch of dictionary passwords with the username root. You would have to log in as any other user that had REMOTE (SSH) login capability. Then you would SU to root. The trick here is the script kiddie would not know this other non-root user login name, so it’s like double (or triple) protection because they would have to guess the username as well as the password. Then they would have to do a su - and guess the root password.

If you disable the root shell access that means even if you are sitting in front of the linux box (not SSH, just keyboard and monitor) you would not be able to login as root. You would have to do some kind of backdoor thing to fix the /etc/passwd to add root back to a valid shell access. You really DO NOT want to do this.

Another thing you can do if you don't offer SSH access to your clients (which you shouldn't because it's just not worth the hassle) is block port 22 altogether in the firewall and only whitelist your IP address (you would need a static IP to do this of course). This way they can't even try to login and it also takes a little load off your server from the nightly hack attempts.

Hmm SocHeat I know you went out of your way for this reply, but I am first now trying this and get stuck here:

apxs2 -c mod_bwshare.c

It then says:

-bash: apxs2: command not found

huh?

Try just ‘apxs’.

Yeah that worked, however even after I restarted Apache it does not seem like the module is running.

I then read this on the author’s site:

"On my SuSE 9 systems, I don’t need to modify the httpd.conf file, but when I run Apache 2.0.50 compiled from source, I have to add this line to the httpd.conf file:

LoadModule bwshare_module modules/mod_bwshare.so"

But when I add that line at the bottom of httpd.conf, with the right directory of course, Apache won’t restart.

Ahh never mind I made a mistake, it’s loaded now :slight_smile:

Even though the initial topic was to allow root change, it seems it turned into a bandwidth throttle thread.

Anyways for those of you interested in such, I can say that bwshare worked as it was supposed to, but I am afraid I have to turn the module off, as I am afraid that search engine spiders might get stuck with a “503” error, if they exceed set amount of bytes/second or files/second, and can’t continue. I have suggested to the author that he allow an option so when exceeding criteria it will just delay further delivery, instead of showing a “503” page.

My problem was that when somebody downloaded a large zip or video file, it would be delivered at 300KB/second. That would slow everybody else down quite a bit.

I solved my problem with a php delivery script such as below:

<?php
// First get file filename from URL
//

// Then deliver file
// Smaller files at full speed
if ($nFileSize < 100000)
    readfile($sFilename);
else {
    if ($file = fopen($sFilename, 'rb')) {
        while (!feof($file) and (connection_status() == 0)) {
            print(fread($file, 1024*8));

            // Simple time delay (microseconds) to slow things down
            // Of course this will slow down even slow connections!
            usleep(300000);

            // A fancier delay can fairly easy be made,
            // by counting bytes delivered within a timeframe
            // and then delay accordingly

            flush();
        }
        fclose($file);
    }
}
?>

So instead of having a link to say a large zip file on your webpage like this:

<a href="humongous-zipfile.zip">Humongous Zipfile</a>

It is now this:

<a href="/php-functions/deliver.php?humongous-zipfile.zip">Humongous Zipfile</a>
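A hardened take on the delivery script above, as an added example that is not the poster's code: it resolves the name passed in the query string (as in the `deliver.php?humongous-zipfile.zip` link) to a file inside one fixed directory before throttling it, so the script cannot be asked for files elsewhere on the server. `DOWNLOAD_DIR`, `resolveDownload()` and `sendThrottled()` are assumed names; the size cutoff, chunk size and delay are the values from the post.

```php
<?php
// Added example, not the poster's script. DOWNLOAD_DIR and both function
// names are assumptions made for illustration.
const DOWNLOAD_DIR = '/var/www/downloads';   // assumed location of the files

// Map the raw query string to a real file inside $baseDir, or return null.
function resolveDownload(string $query, string $baseDir): ?string
{
    $name = rawurldecode($query);
    // Plain file names only: no slashes, no leading dot, no NUL or quotes.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name); // follows symlinks
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the resolved path must still be under the base dir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

function sendThrottled(string $path): void
{
    $size = filesize($path);
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . $size);
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    if ($size < 100000) {          // smaller files at full speed
        readfile($path);
        return;
    }
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return;
    }
    while (!feof($fh) && connection_status() === CONNECTION_NORMAL) {
        echo fread($fh, 1024 * 8);
        flush();
        usleep(300000);            // microseconds: 0.3 s pause per 8 KB chunk
    }
    fclose($fh);
}

$path = resolveDownload($_SERVER['QUERY_STRING'] ?? '', DOWNLOAD_DIR);
if ($path === null) {
    http_response_code(404);       // unknown or out-of-directory name
    exit;
}
sendThrottled($path);
```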