Message-ID: <555DE501.8030203@xunil.at>
Date: Thu, 21 May 2015 16:00:33 +0200
From: "Stefan G. Weichinger"
Organization: oops!
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] user config provisioning
References: <555CF761.90307@xunil.at> <555D0485.1020000@gmail.com> <555DC141.2030200@xunil.at> <555DD95D.2070603@gmail.com>
In-Reply-To: <555DD95D.2070603@gmail.com>

On 21.05.2015 15:10, Alan McKinnon wrote:

> I didn't realize you want to deploy keys for root. Is that root on your
> local machine, or root on the remote machines?

both ... mixed and grown setup

> Either way, that part *does* need some thinking through.

yes! I knew it ;-)

> For automation involving root permissions, I prefer to use a remote
> system (non-root) account and give it the needed permissions in
> /etc/sudoers, being careful to disallow sudo -i, sudo su, and friends

hm. so much work all around.
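
The sudoers setup recommended in the quoted advice, as an added example that is not part of the original mail: a non-root automation account restricted to an allowlist, shown beside the weaker grants it replaces. The account name `deploy` and the script path `/usr/local/sbin/deploy-user-config` are assumptions made for illustration.

```sudoers
# /etc/sudoers.d/deploy
# Edit with:   visudo -f /etc/sudoers.d/deploy
# Syntax check: visudo -c -f /etc/sudoers.d/deploy
#
# "deploy" and the script path below are assumed names, not from the thread.

# Weak (left commented out): a blanket grant. With this rule,
# "sudo -i", "sudo -s" and "sudo su" all hand the account a root shell.
# deploy ALL=(ALL) NOPASSWD: ALL

# Also weak (left commented out): ALL plus a denylist. Negated entries
# only match the listed paths, so a shell reached through any other
# binary is still permitted.
# deploy ALL=(ALL) NOPASSWD: ALL, !/bin/su, !/bin/bash, !/bin/sh

# Preferred: an allowlist. Only what is named here may run as root.
# The trailing "" means the command is allowed with no arguments only.
Cmnd_Alias DEPLOY_CMDS = /usr/local/sbin/deploy-user-config ""

deploy ALL=(root) NOPASSWD: DEPLOY_CMDS

# Because no shell and no "su" appears in DEPLOY_CMDS, "sudo -i",
# "sudo -s" and "sudo su" are refused for this account: sudo checks the
# shell it would start against the same allowlist.
#
# Verify the effective rules as root:
#   sudo -l -U deploy
```

The allowlisted script itself must be owned by root and not writable by the `deploy` account, otherwise the restriction is only nominal.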