I think enough time has passed that I can write this up in case anyone else runs into this situation. Back when I was tussling with a school IT guy, he demanded "administrative access" to the XSs. Err, you do realize there is no GUI whatsoever and all you're going to see is a prompt, right? He was a Windows guy and didn't want to admit he had no clue what to do with a CLI-only Linux system. And got offended when I asked if he had an ssh client. Well, Mr. Big Shot, here's your precious "admin" access.<br>
<br>I created an "admin" user and set a password.<br><br>adduser admin<br>passwd admin<br><br>I use passwords for ssh, but do run it on a nonstandard port, deterring the script kiddies.<br><br>Having previously installed and set up ssmtp so the XSs could send me emails via gmail, I edited /home/admin/.bashrc<br>
<br>echo 'Login Alert on' `hostname` `who -m` | mail -s "Login Alert" me@gmail.com<br><br>Being of a nosy disposition, particularly when it comes to what's going on with my systems, I set it up to quietly log everything he did with this line in /home/admin/.bash_profile<br>
<br>script -q /var/log/sessions/login-`date +%m-%d-%Y-%Hh-%Mm-%Ss`-`whoami`.log && exit<br><br>Created and set permissions on a dir in /var/log that looks innocuous:<br><br>mkdir /var/log/sessions<br>chmod 777 /var/log/sessions<br>
<br>And just in case he reads something on the internet, here's some sudo rope to hang himself with. I can install and customize an XS in under an hour, so whatever if he breaks it. I was actually really looking forward to pulling logs to prove he was out of his league.<br>
<br>visudo and then add an entry for admin under root.<br><br>## Allow root to run any commands anywhere<br>root ALL=(ALL) ALL<br>admin ALL=(ALL) ALL<br><br>The hilarious bit was he claimed he logged into all my XSs and said everything looked OK. What? I didn't get a single email notification and /var/log/sessions was empty. I checked /var/log/secure just to be absolutely sure. What a pompous liar. And a liar who didn't know better than to lie to someone who could prove it via system logs.<br>
<br>So that's my workaround for ignorant people who demand "admin" access.<br><br>Anna Schoolfield<br>Birmingham<br>
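An added example, not part of the original post: a small audit of a setup like the one above, checking whether the monitored account could edit the file that starts `script` or remove recordings from the log directory. The function names and the exit-status convention are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a per-user
# session-recording setup: a login hook that starts `script`, plus a
# directory that receives the recordings. All names are hypothetical.
# Usage: audit_session_logging /home/admin/.bash_profile /var/log/sessions admin

# Succeeds if DIR is world-writable and has no sticky bit, i.e. any
# account may unlink or replace files in it, including other users' logs.
world_writable_no_sticky() {
    [ -n "$(find "$1" -prune -type d -perm -0002 ! -perm -1000 -print 2>/dev/null)" ]
}

# Succeeds if FILE is owned by USER (a name or a numeric uid).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# Succeeds if FILE is writable by every account.
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# audit_session_logging HOOK LOGDIR USER
# Prints one line per finding; the exit status is the number of findings.
audit_session_logging() {
    hook=$1 logdir=$2 user=$3 findings=0

    if [ ! -f "$hook" ]; then
        echo "MISSING: $hook not found, nothing starts the recording"
        findings=$((findings + 1))
    elif owned_by "$hook" "$user" || world_writable "$hook"; then
        echo "TAMPERABLE: $user can edit or remove the hook in $hook"
        findings=$((findings + 1))
    fi

    if [ ! -d "$logdir" ]; then
        echo "MISSING: $logdir not found, recordings have nowhere to go"
        findings=$((findings + 1))
    elif world_writable_no_sticky "$logdir"; then
        echo "TAMPERABLE: any account can delete or replace files in $logdir"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

A hook in the account's own dotfiles and a mode 777 directory both count as findings here, so the auth log (/var/log/secure in the post) remains the record to cross-check against.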