On Saturday 14 November 2009 21:32:39 Mick wrote: > > Approach security a little more sanely and don't give untrusted users > > root access? If you have to take steps to restrict the root account, > > you need to rethink who has use of it. Preventing damage in the event > > that the system does get compromised is one thing, but trying to > > control someone who is given access to root on the software side is > > the wrong approach, in my incredibly non-humble opinion. > > You are right of course, but in this particular case the guy who pays > wants to have root access.
And you agreed to work like that? So when he fucks things up good royal and proper, will he gladly accept his shafting and pay you more to undo it? Or will he do the usual customer stunt and blame you? I only work under one of two conditions: I am root and the customer is not. The customer is root and I am not. > So, I'm just trying to find an easy way to > protect him from himself. Initially I implemented SELinux, but had to > pull that back because I couldn't in any quick way get Nagios cgi working > with it. One day I may find some time to get back to it. -- alan dot mckinnon at gmail dot com
