 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Monday 31 January 2005 18:21, Jon Masters wrote: > We had one colo box where root was disabled, everything went via sudo > and it tried to stop people doing stuff like "sudo su". It becomes > completely unworkable and you end up pointing out that, while sudo works > great in almost all cases, sometimes you do need a root shell :-). Actually 'sudo -s -H' will give you a root shell. One of the tools you can use is the logs. However, once you give a user root privs, that use can change some of the logging. For the most part, I prefer the following approach in a business environment: All users will be set up as routine users with no privileges initially. This includes Windows and Linux. Users who have a desire to be their own system admins should be permitted to do so on an individual or group basis. A person in accounting is generally not going to be an admin for many reasons. But, a programmer or engineer would be given privileges to manage his or her own system, but that would also remove the IT people from the responsibility to support those systems. But, this is an open-ended discussion because we are dealing with security, data integrity and time. Does the business want its programmers to spend time installing and maintaining software? -- Jerry Feldman <gerald.feldman at hp.com> Partner Technology Access Center (contractor) (PTAC-MA) Hewlett-Packard Co. 550 King Street LKG2a-X2 Littleton, Ma. 01460 (978)506-5243
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
