5 privileges for remote connection in linux – Acronis Backup for Windows Server Essentials - User Guide User Manual
Page 343
343
Copyright © Acronis International GmbH, 2002-2014
To disable UAC
Do one of the following depending on the operating system:
In a Windows operating system prior to Windows 8:
Go to Control panel > View by: Small icons > User Accounts > Change User Account Control
Settings, and then move the slider to Never notify. Then, restart the machine.
In any Windows operating system, including Windows 8/8.1 and Windows Server 2012/2012 R2:
1. Open Registry Editor.
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
3. For the EnableLUA value, change the setting to 0.
4. Restart the machine.
15.1.2.5 Privileges for remote connection in Linux
Remote connections to a machine running Linux—including those performed by the root user—are
established according to authentication policies, which are set up by using Pluggable Authentication
Modules for Linux, known as Linux-PAM.
For the authentication policies to work, we recommend installing the latest version of Linux-PAM for
your Linux distribution. The latest stable source code of Linux-PAM is available at Linux-PAM source
code Web page.
Remote connection as the root user
Remote connections by the root user are established according to the Acronisagent authentication
policy, which is automatically set up during the installation of Acronis Backup Agent for Linux, by
creating the file /etc/pam.d/acronisagent with the following content:
#%PAM-1.0
auth required pam_unix.so
auth required pam_succeed_if.so uid eq 0
account required pam_unix.so
Remote connection as a non-root user
Since accessing the system as the root user should be restricted, the root user can create an
authentication policy to enable remote management under non-root credentials.
The following are two examples of such policies.
Note: As a result, the specified non-root users will be able to perform any operation on the machine under the
root privileges. A security best practice is to make sure that the user accounts are hard to compromise—for
example, by requiring that they have strong passwords.
Example 1
This authentication policy uses the pam_succeed_if module and works with Linux distributions with
kernel version 2.6 or later. For an authentication policy which works with kernel version 2.4, see the
next example.
Perform the following steps as the root user:
1. Create the Acronis_Trusted group account, by running the following command:
groupadd Acronis_Trusted