Privileges for remote connection in Linux
Remote connections to a machine running Linux—including those performed by the root user—are established according to authentication policies, which are set up by using Pluggable Authentication Modules for Linux, known as Linux-PAM.
For the authentication policies to work, we recommend installing the latest version of Linux-PAM for your Linux distribution. The latest stable source code of Linux-PAM is available at Linux-PAM source code Web page.
Remote connection as the root user
Remote connections by the root user are established according to the Acronisagent authentication policy, which is automatically set up during the installation of Acronis Backup & Recovery 10 Agent for Linux, by creating the file /etc/pam.d/Acronisagent with the following content:
Remote connection as a non-root user
Since accessing the system as the root user should be restricted, the root user can create an authentication policy to enable remote management under non-root credentials.
The following are two examples of such policies.
Note: As a result, the specified non-root users will be able to connect to the machine remotely as if they were root users. A security best practice is to make sure that the user accounts are hard to compromise—for example, by requiring that they have strong passwords.
This authentication policy uses the pam_succeed_if module and works with Linux distributions with kernel version 2.6 or later. For an authentication policy which works with kernel version 2.4, see the next example.
Perform the following steps as the root user:
The above authentication policy might not work on Linux distributions with kernel version 2.4—including Red Hat Linux and VMware® ESX™ 3.5 Upgrade 2—because the pam_succeed_if.so module is not supported there.
In this case, you can use the following authentication policy.