Obel
Posts: 18
Joined: Wed Jun 17, 2015 12:36 pm
Location: UK

Sharing credentials to your Raspberry Pi good practice

Wed Mar 23, 2016 10:01 am

I would like to ask what the best practice would be if I want to cooperate with somebody else on my Raspberry Pi.

Scenario:
The 3rd party person would be asked to fix a script on my Rasp. I know that if I gave him my Pi root account and just changed the password afterwards, that would still be a security breach, as the person could install some backdoors during the work.

So the question is how to give such a person access and allow him to work only around a specific script.

LetHopeItsSnowing
Posts: 357
Joined: Sat May 26, 2012 6:40 am
Location: UK

Re: Sharing credentials to your Raspberry Pi good practice

Wed Mar 23, 2016 10:24 am

Create a new user for the individual with their own password and set their security so they can only access what you want them to access.

This looks like a good guide to Linux user, groups and permissions.

https://www.linode.com/docs/tools-refer ... and-groups

p.s. in security circles sharing credentials is considered to be 'bad'.
"am I getting slower, or is stuff more complicated; either way I now have to write it down - stuffaboutcode.com"

scotty101
Posts: 3718
Joined: Fri Jun 08, 2012 6:03 pm

Re: Sharing credentials to your Raspberry Pi good practice

Wed Mar 23, 2016 1:25 pm

Even better, don't give them a password, ask them to generate a public ssh key that you can use as their credentials.

https://www.digitalocean.com/community/ ... sh-keys--2
Electronic and Computer Engineer
Pi Interests: Home Automation, IOT, Python and Tkinter
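
The key hand-over suggested in the post above, as an added example that is not part of the original thread: the Pi's owner checks that the file received really is a single public key, then installs it for a dedicated account with forwarding disabled. The account name `helper`, the paths and the key are constructed placeholders; the option names are standard OpenSSH `authorized_keys` options.

```bash
# Added example. Paths, the account name "helper" and the key are assumptions.

# Print an authorized_keys line for the single public key in file $1.
# Returns non-zero for private keys, multiple keys or lines carrying options.
restricted_key_line() {
    keyfile=$1
    # The collaborator should only ever send the .pub half.
    if grep -q -- '-----BEGIN' "$keyfile"; then
        echo "refusing: $keyfile looks like a private key" >&2
        return 1
    fi
    # Exactly one non-empty line of the form "<type> <base64> [comment]".
    # Anchoring on the key type rejects lines that arrive with their own
    # options (command=, from=, ...) already prepended.
    [ "$(grep -c . "$keyfile")" -eq 1 ] || return 1
    grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        "$keyfile" || return 1
    # Standard sshd options: the login cannot be used to forward ports,
    # agents or X11 through the Pi.
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$(grep . "$keyfile")"
}

# Append the key to <home>/.ssh/authorized_keys with owner-only modes.
install_key() {
    home=$1
    keyfile=$2
    line=$(restricted_key_line "$keyfile") || return 1
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Demo: a temp dir stands in for /home/helper; the key is a constructed
# placeholder, not a usable key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDE helper@laptop' \
    > "$demo_home/helper.pub"
install_key "$demo_home" "$demo_home/helper.pub" && cat "$demo_home/.ssh/authorized_keys"
```

On a real system the target would be the dedicated account's own home, and the `.ssh` directory and file must end up owned by that account for sshd's StrictModes check to accept them.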

DougieLawson
Posts: 36106
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Sharing credentials to your Raspberry Pi good practice

Thu Mar 24, 2016 6:54 am

The better alternative is to clone your SDCard, mail a copy to your 3rd party. Get them to run it on their own RPi then send back the changes needed to fix your script (along with your SDCard copy (which you scrub clean on receipt)).
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

karrika
Posts: 1070
Joined: Mon Oct 19, 2015 6:21 am
Location: Finland

Re: Sharing credentials to your Raspberry Pi good practice

Thu Mar 24, 2016 7:27 am

scotty101 wrote: Even better, don't give them a password, ask them to generate a public ssh key that you can use as their credentials.

https://www.digitalocean.com/community/ ... sh-keys--2

This is pretty much how things work today when you trust the other party and you are teaming up to get things done.

For scripts a good way is also to set up a repository, put the script there and work the bugs out. In this way you never need to grant access. This path is very often used for cases where the developers are not authorized to set up the machines. The developers only provide the instructions and trusted personnel set up the systems.

rpdom
Posts: 15187
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Sharing credentials to your Raspberry Pi good practice

Thu Mar 24, 2016 7:39 am

I don't trust anyone with access to my systems unless they are someone I know well, watch everything they do, and have a full backup of the working system (and a way to restore it) to hand.

Too many times I have seen someone come in to install some software on a soon-to-be-live system and mess things up. Scenarios like this were all too common:

Software Supplier: I need root access to do this.
Me: No. Tell me what you need and I will do it.
SS: It is complicated...
Me: I know what I am doing. Tell me what you need.
SS: I have to do it. I need root.
Me: No.
SS: I will speak to your manager.
Me: Ok
Manager: He said no.
SS: I will speak to the Project Manager
PM: I don't understand any of this stuff. Let them have root. What harm can they do?
Me: ...
SS: Yay!
SS: "cd /usr/bin"
SS: "ls"
SS: "cd /homer/pi" (sh: cd: /homer/pi: No such file or directory)
SS: "rm -r *"
SS: Why is "vi" not working now?
Me: ...
Me: Pushes SS out of the way, starts restore of /usr/bin. Emails manager and PM, and yes, same scenario happened on another system some time later.

Obel
Posts: 18
Joined: Wed Jun 17, 2015 12:36 pm
Location: UK

Re: Sharing credentials to your Raspberry Pi good practice

Tue Mar 29, 2016 12:08 pm

Thank you all for the advice, I will apply it.
