On Sun, 15 Nov 2009 12:52:41 +0200, Alan McKinnon wrote: > > Why not use sudo to give the customer's account almost full root > > access? Not only does this allow you to restrict which damaging > > commands he can run but sudo logs each command it runs, so you have > > CYA insurance. > > Double CYA insurance: > > Send all logs to a remote syslog server. The user with sudo permissions > can still disable logging, but you have untouchable evidence that he > did :-)
That's one approach. The other is to give sudo access only for what he needs, which doesn't include disabling logging or many other things. -- Neil Bothwick Top Oxymorons Number 39: Almost exactly
signature.asc
Description: PGP signature