Use of Root
Jerry Feldman
gerald.feldman at hp.com
Tue Feb 1 08:14:09 EST 2005
On Monday 31 January 2005 18:21, Jon Masters wrote:
> We had one colo box where root was disabled, everything went via sudo
> and it tried to stop people doing stuff like "sudo su". It becomes
> completely unworkable and you end up pointing out that, while sudo works
> great in almost all cases, sometimes you do need a root shell :-).
Actually 'sudo -s -H' will give you a root shell.
One of the tools you can use is the logs. However, once you give a user root
privs, that use can change some of the logging.
For the most part, I prefer the following approach in a business
environment:
All users will be set up as routine users with no privileges initially. This
includes Windows and Linux.
Users who have a desire to be their own system admins should be permitted to
do so on an individual or group basis. A person in accounting is generally
not going to be an admin for many reasons. But, a programmer or engineer
would be given privileges to manage his or her own system, but that would
also remove the IT people from the responsibility to support those systems.
But, this is an open-ended discussion because we are dealing with security,
data integrity and time. Does the business want its programmers to spend
time installing and maintaining software?
--
Jerry Feldman <gerald.feldman at hp.com>
Partner Technology Access Center (contractor) (PTAC-MA)
Hewlett-Packard Co.
550 King Street LKG2a-X2
Littleton, Ma. 01460
(978)506-5243
More information about the Discuss
mailing list