On Monday 01 March 2010 03:47:12 Neil Bothwick wrote:
> On Mon, 1 Mar 2010 01:07:21 +0200, Alan McKinnon wrote:
> > Don't read my post as literally meaning they must type the 7 characters
> > "sudo su". Read it more as "use any feature of sudo you feel like to
> > get a root shell, but you must use sudo. As opposed to using su alone".
> 
> The problem with this in your situation is that you only get a log entry
> when the user switches to root, not for whatever they do in that root
> shell, whereas having them run each command with sudo logs every action
> they take as root. Or do you have a way of auditing the commands run from
> the root shell?


We just log the fact of running sudo. The admins are trusted to not cock 
things up, and if they do, to not try and hide it. The philosophy is simple - 
if we feel we can't trust you, we would not have hired you.

Editing root's history after the fact to hide your tracks is considered a 
heinous crime of unimaginable proportions. Anyone caught doing it is sentenced 
to buy cake for the entire technical team. That's about 100 people. And when I 
say cake I don't mean a teeny weeny jam tart each, I mean cake - chocolate 
filled croissants, black forest and my personal favourite: 4 inch high carrot 
cake.

People only buy cake once around here :-)

-- 
alan dot mckinnon at gmail dot com
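
The audit gap discussed in this exchange can be measured from the sudo log itself. The following is an added example, not part of the original messages: it reads entries in sudo's default syslog format and separates those that record a single command from those that only record entry into a root shell. The sample lines are constructed, and the `SHELLS` set and function names are assumptions.

```python
import re

# sudo's default syslog entry: "<user> : TTY=.. ; PWD=.. ; USER=<target> ; COMMAND=<cmd>"
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)
# Assumption: programs this site counts as handing out an interactive shell.
SHELLS = {"sh", "bash", "zsh", "ksh", "dash"}

def classify(line):
    """Return (user, kind, cmd) for a sudo-to-root entry, else None."""
    m = SUDO_RE.search(line)
    if not m or m.group("target") != "root":
        return None
    argv = m.group("cmd").split()
    prog, args = argv[0].rsplit("/", 1)[-1], argv[1:]
    if prog == "su":
        # "su -c cmd" runs one command; any other form opens a shell
        one_shot = "-c" in args or "--command" in args
    elif prog in SHELLS:
        # "bash -c cmd" or "bash script" is one logged action; bare "bash" is not
        one_shot = any(a == "-c" or not a.startswith("-") for a in args)
    else:
        one_shot = True
    kind = "command" if one_shot else "root-shell"
    return m.group("user"), kind, m.group("cmd")

def audit_gaps(lines):
    """Entries after which nothing the user does as root is logged by sudo."""
    hits = (classify(l) for l in lines)
    return [(u, c) for u, k, c in filter(None, hits) if k == "root-shell"]

# Constructed sample log lines (not from the original thread).
SAMPLE = """\
Mar  1 03:40:01 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Mar  1 03:41:10 box sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/emerge --sync
Mar  1 03:42:55 box sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  1 03:43:07 box sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash -c /etc/init.d/apache2 restart
Mar  1 03:44:00 box sshd[812]: Accepted publickey for alice from 192.0.2.10
"""

if __name__ == "__main__":
    for user, cmd in audit_gaps(SAMPLE.splitlines()):
        print(f"{user}: root shell via '{cmd}', later commands not in sudo log")
```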
