Stay Hungry,Stay Foolish!



The.netrcfile contains login and initialization information used by the auto-login process. It generally resides in the user’s home directory, but a location outside of the home directory can be set using the environment variable NETRC. Both locations are overridden by the command line option-N. The selected file must be a regular file, or access will be denied.


Is it safe to use .netrc files to store credentials for tools like curl or ftp?



Storing credentials in clear-text on your computer is a risky business as any application that runs on your computer has access to these credentials. The credentials are also exposed in backups, zips, etc...

.netrc files are a prime target for attackers looking to branch out to other computers.





There is much debate on this. While Neil's answer is correct, storing any credentials on your computer is inherently risky. Even if you encrypt them and store them in a unique location, software you run needs access to the encryption key(s). If you enter the encryption keys every time (or a password to unlock them or similar), it may be just as easy to enter the credentials.

This problem is not unique to passwords. Un*x tends to rely heavily on file permissions (access control) but they cannot differentiate one process running as user from another. SSH private keys stored in ~/.ssh are also a risk, for example.

The main benefit to a standard location for credentials like .netrc is keeping them separate from scripts or other programs that use them. For example, if you write a shell script that automates an FTP session, embedding the user name and password in the script instead of a .netrc file may lead to the credentials inadvertently being shared as the script is stored in source control or copied to other systems.

Using a central location like .netrc also allows individuals to have their own credentials for accessing systems. Shared accounts are frowned upon because it activities cannot be attributed to an individual. Otherwise, individuals need their own copies of scripts.

The second benefit is only having a single place to update changed credentials. If multiple scripts or programs use the same but old credentials, you can lock out accounts. Changing the .netrc file can update multiple scripts or programs at the same time.

That said, encrypting passwords at rest prevents inadvertent access to passwords, such as through backups, shoulder surfing or similar. If you must store credentials on a system, consider something like an encrypted store over the plaintext .netrc file if one is available. For example, git now supports encrypted .netrc files.





项目使用此方式,需要注意设置 运维账户自己才有的 rw 权限。 其它账户(除了管理员)都不能看到。

chmod 600 $HOME/netrc









What is Root Access in Linux? [With Practical Examples]

What is Root Access in Linux?

Root access is the ability to log in as a root user who can control the whole system.  With root access, anyone can perform system-wide tasks (i.e. Installing any software, creating, deleting modifying any user) in Linux. Furthermore, the user with root access is the most powerful user in the Linux operating system because it can damage the whole system if any mistake is made. So it is recommended to log in with root access only when it is necessary otherwise log in without root access.


What is the difference between “sudo” and “root” in Linux?

sudo stands for “superuser do”. It is a program that allows a user to run commands with the privileges of another user (preferably root). This means that the user with sudo access can perform tasks that normally require root access.

On the other hand, the root, also called superuser, is a special user account that has complete control over the whole system. It can perform any task allowed by the operating system.


How to check if I have root access?

To check if you have root access:

  1. Run the command whoami and if the output is “root”, it means you have root access.
  2. Run the Linux id command. If you have root access, then the output will be 0 for all the associated id for the user (UID, GID, etc.).
  3. Run the command echo $LOGNAME. If you have root access, you will output as “root”.,needed%2C%20but%20prevent%20you%20from%20doing%20it%20accidentally.

As well as the files that you create, your computer has a number of files which are needed by the system for it to work properly. If these important system files are changed incorrectly they can cause various things to break, so they are protected from changes by default. Certain applications also modify important parts of the system, and so are also protected.

The way that they are protected is by only allowing users with administrative privileges to change the files or use the applications. In day-to-day use, you will not need to change any system files or use these applications, so by default you do not have administrative privileges.

Sometimes you need to use these applications, so you may be able to temporarily get administrative privileges to allow you to make the changes. If an application needs administrative privileges, it will ask for your password. For example, if you want to install some new software, the software installer (package manager) will ask for your administrator password so it can add the new application to the system. Once it has finished, your administrative privileges will be taken away again.

Administrative privileges are associated with your user account. Administrator users are allowed to have these privileges while Standard users are not. Without administrative privileges you will not be able to install software. Some user accounts (for example, the “root” account) have permanent administrative privileges. You should not use administrative privileges all of the time, because you might accidentally change something you did not intend to (like delete a needed system file, for example).

In summary, administrative privileges allow you to change important parts of your system when needed, but prevent you from doing it accidentally.

What does “superuser” mean?

A user with administrative privileges is sometimes called a superuser. This is simply because that user has more privileges than normal users. You might see people discussing things like su and sudo; these are programs for temporarily giving you “superuser” (administrative) privileges.


Permission tutorial



docker secrets


编译镜像时 dockerfile

容器运行时 docker compose


posted @ 2024-05-09 09:33  lightsong  阅读(6)  评论(0编辑  收藏  举报
Life Is Short, We Need Ship To Travel