Matt Shields wrote:
> For years we've used sudo to give our developers and qa access to
> production servers run cat, less, more and tail to view logs, but
> nothing else.

What I've done at my workplace - and which has gotten rid of most of the demands by devs for root - is build 'logviewer', a completely separate server in the production server farm. Devs get non-root access to that box, no access on the production boxes, by default.

Whenever someone needs access to a log of some sort that I haven't yet thought of, I simply add a read-only export rule on the source machine with a matching automount rule and slurp it into logviewer. This way there is no possible loophole by which a dev can get write access.

We do have to trust that our devs won't abuse read access (once in a while there is a wayward employee who breaches confidentiality by accidentally or deliberately sending data outside the company; so far it hasn't happened on the IT side of the company).

-rich
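The read-only guarantee described in the message above holds only while every export to the log-viewing box stays `ro`. The following is an added example, not part of the original post: a small audit of an `/etc/exports` file following exports(5) syntax. The hostname `logviewer`, the paths and the sample file contents are constructed assumptions, and netgroup, subnet and partial-wildcard client specs are not matched.

```python
import re

# Constructed sample of /etc/exports on a production host (not from the post).
# "logviewer" is the assumed hostname of the log-viewing box.
SAMPLE_EXPORTS = """\
# application logs for developers
/var/log/app      logviewer(ro,sync,root_squash)
/var/log/httpd    logviewer(rw,sync) backup01(ro)
/var/log/batch    logviewer(ro,no_root_squash)
/srv/data         backup01(rw,sync)
/var/log/mail     logviewer
"""

# One client spec: "host" or "host(opt,opt,...)".
CLIENT_RE = re.compile(r"^([^()\s]+)(?:\(([^)]*)\))?$")

def audit_exports(text, client="logviewer"):
    """Return (path, problem) pairs for exports reachable by `client` that are
    not strictly read-only. Per exports(5), ro and root_squash are defaults,
    so only an explicit rw or no_root_squash is a finding."""
    findings = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        defaults = []
        for spec in specs:
            if spec.startswith("-"):      # per-line default options: -ro,sync
                defaults = spec[1:].split(",")
                continue
            m = CLIENT_RE.match(spec)
            # Match the named client, or the "*" spec that covers every host.
            if not m or m.group(1) not in (client, "*"):
                continue
            opts = defaults + [o for o in (m.group(2) or "").split(",") if o]
            # Conservative: flag the option wherever it appears for this client.
            if "rw" in opts:
                findings.append((path, "exported read-write"))
            if "no_root_squash" in opts:
                findings.append((path, "no_root_squash set"))
    return findings

if __name__ == "__main__":
    for path, problem in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {problem}")
```
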
BLU is a member of BostonUserGroups.
We also thank MIT for the use of their facilities.