Correct and improve stricter ssh and doas access #34
Commit 8b1ce861e3 added stricter ssh and doas access, and was improved by commit 10d56cad1e. But there are some problems and questions:

- evolinux-xxx? We should name them evobsd-xxx.
- evolinux-sudo group is not used in sudoers file but in doas.conf. It should be named evobsd-doas.

Yes, it was a mistake to import these evolinux-xxx groups from Evolinux.
For me, these groups are exclusive to Evolix users. We should just replace them with a single evolix group. That would make more sense to me...
Evolix users should still be part of the wheel group but I think it's more natural to rely on a specific evolix group for SSH and sudo/doas rights. In doing so every sysadmin - not necessarily familiarised with OpenBSD and the wheel group - will understand straight away.
If for some reason a client needs to connect to an OpenBSD system, then we would create a group named after the client name and add it in the SSH configuration.