Today, Dana S. Tellier gleaned this insight:
> IMHO, I think the whole root password access situation comes down
> to engineers wanting to feel like they're "the ones in charge". (And no
> flaming me for this, as I know it's a feeling *I* have all the
> time) Whenever someone tells us, "you can't have full access to this" we
> feel like we're not being trusted, and as people who "know what we're
> doing", we feel as if we damn well SHOULD have access, especially if it's
> considered to be our machine (which, if you work for a company, it is NOT
> yours).
Often that's true, but there really is more to it than that. Jerry,
Kevin, and Bob have raised some very very good issues. Security is
EXTREMELY complicated.
> If the sysadmins and engineers spent as much time talking about
> security and working things out as we've spent talking about it on
> this list, all of the problems would be solved.
YES!!! That I agree with wholeheartedly. Management needs to be involved
too. I've said as much in another post. Each group needs to understand
what the other groups' responsibilities are, so that an appropriate
balance between security and productivity can be met. Each needs to
educate the other as to how things can be done to improve both to the
greatest extent. Collaboration, rather than the all-too-common
adversarialism, is required to solve this very complex problem.
--
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
[EMAIL PROTECTED] | [EMAIL PROTECTED]
------------------------------------------------------
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
