On Wed, Jun 21, 2000 at 11:46:14AM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
> >> I also never quite know what I am going to need to do next. This
> >> makes it hard to just grant certain priveleges. It would be a *huge*
> >> damper on productivity if I had to ask for permission each time I
> >> needed to try something different as root. And what would be the
> >> point of using sudo to grant full access to everything?
>
> Logging what was done and by whom. When you fry your system, the sysadmin
> team invariably gets the dubious responsibility of having to fix it. If we
> can look through the logs to find out what you (collectively) did, we have a
> better chance of being able to fix it rapidly.
Understandable in most cases, just not in mine. When I screw up a
system I've been working on, the sys admins don't really care. It's
my job to figure out what went wrong and fix it.
As I believe Derek said, in my case I really do need the root
password. As stated, the most secure way for such as setup is to make
machines on which I have root access not connected to the primary
network. Due to the huge inconvenience this could cause, all machines
are connected to the production environment anyway. Care is taken as
much as possible to prevent root on my machine from giving me root on
another. I know that may not technically be the best setup security
wise, but I believe any other setup would cramp productivity. If
someone were to cause serious security issues on unauthorized
machines, they would have to have serious malicious intent.
Fortunately, such instances appear to be few around here.
--
Bob Bell Compaq Computer Corporation
Software Engineer 110 Spit Brook Rd - ZKO3-3/U14
TruCluster Group Nashua, NH 03062-2698
[EMAIL PROTECTED] 603-884-0595
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
