On Sun, 15 Nov 2009 12:52:41 +0200, Alan McKinnon wrote:

> > Why not use sudo to give the customer's account almost full root
> > access? Not only does this allow you to restrict which damaging
> > commands he can run but sudo logs each command it runs, so you have
> > CYA insurance.  
> 
> Double CYA insurance:
> 
> Send all logs to a remote syslog server. The user with sudo permissions
> can still disable logging, but you have untouchable evidence that he
> did :-) 

That's one approach. The other is to give sudo access only for what he
needs, which doesn't include disabling logging or many other things.


-- 
Neil Bothwick

Top Oxymorons Number 39: Almost exactly

Attachment: signature.asc
Description: PGP signature

Reply via email to