Today, Jerry Feldman gleaned this insight:

> I don't really disagree. But what makes a system admin person more or
> less trustworthy than an engineer?

Nothing.  The best you can do is interview people and try to get a sense
of them, maybe taking recommendations from people or hiring people you
know.  No matter what, you still can't trust them 100% ever!

But you've minimized the risk as much as possible by controlling
access.  If someone logged in as root to do something nasty, your
company's security people have a much smaller list of people to start
watching.


> It is important that if engineers are to be entrusted with privileges,
> they must also understand the rules.  The engineers create and
> work with the software assets of the company where the system admins
> are the custodians. It is probably best that privileges be granted on
> an individual basis. One common practice that I kind of dislike is
> that sometimes, many systems on the network will have the same root
> password. This leaves the network wide open, but when you have
> thousands of machines to administer, this might be a necessity.

Agreed on all fronts.


-- 
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
------------------------------------------------------
Derek D. Martin      |  Unix/Linux Geek
[EMAIL PROTECTED]  |  [EMAIL PROTECTED]
------------------------------------------------------

