On Thu, 22 Jun 2000, Jerry Feldman wrote:
> 
> I don't really disagree. But what makes a system admin person more or 
> less trustworthy than an engineer. It is important that if engineers are to 
> be entrusted with privileges, they must also understand the rules. 
> The engineers create and work with the software assets of the company 
> where the system admins are the custodians. It is probably best that 
> privileges be granted on an individual basis. One common practice that I 
> kind of dislike is that sometimes, many systems on the network will have 
> the same root password. This leaves the network wide open, but when 
> you have thousands of machines to administer, this might be a 
> necessity. 
> 

Well, in a highly secure system (B2 level & above), sysadmins are
not considered more trustworthy. In fact, in those systems, there IS
NO ROOT.  Everything is done by capabilities, and some people have
capability to install software, some have capability to add users,
some have capability to activate users, some have capability to read
syslogs.  And they're not all the same person (or don't have to be).

On a more practical level, no, sysadmins are not.  However,
management knows that these are the 2-3 people who you have to worry
about, as they have the keys.  Everyone else goes through SUDO, and is
logged, so someone can recreate what went wrong.

As a former security person, I can say that the majority of threats to
a system that I saw came from:
1.  People messing up (root doing a rm -rf * while in /, etc).  #1
problem.  Try to minimize it by minimizing the people who can do
damage, and making sure that those who can do damage need to take 1 -
2 extra steps before they do (type sudo & password, which makes them
(hopefully) go "oh yeah, let me make certain I really want to do that").
2.  People inside intentionally damaging the system (which IS NOT
THEIRS).  This could be the disgruntled person, or the guy who just
got fired, or the guy going "I wonder if they really mean it" or
whatever. 

As a non-sysadmin (and as I've stated before), I like SUDO
because: 1) It makes me think twice before I do something damaging,
2) if I don't think twice, I probably didn't type sudo, and the
command comes back with failure, 3) it's actually quicker to do
than the "su -, password, command, exit," 4) I'm not likely to leave a
root window up that I accidentally type the damaging command in before
realizing I could, and 5) (ok, not one until this discussion, but a
good point) things get logged, so someone can go back & figure out
where I messed things up.

For those who don't want the sysadmins to have access to your machine
at work:  IT'S NOT YOUR MACHINE!  Remember (unless you work for a
really good employer), everything on that machine technically belongs
to the company.  When you leave (for whatever reason), the admins need
to be able to go through that.  That includes if you leave because you
stepped in front of a bus.


jeff
------------------------------------------------------------------------
Jeffry Smith      Technical Sales Consultant     Mission Critical Linux
[EMAIL PROTECTED]   phone:603.930.9379   fax:978.446.9470
------------------------------------------------------------------------
Thought for today:  (1) A sheet of paper is an ink-lined plane.
(2)     An inclined plane is a slope up.
(3)     A slow pup is a lazy dog.

QED: A sheet of paper is a lazy dog.
                -- Willard Espy, "An Almanac of Words at Play"
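
[Added illustration, not part of Jeff's message or the GNHLUG thread: a sudoers fragment showing the split he describes, where one person can install software, another can add users, another can read syslogs, nobody gets a root shell, and every invocation is logged. Usernames, command paths and the log file path are constructed placeholders; the NOEXEC tag assumes a sudo release that supports it.]

```sudoers
# Constructed /etc/sudoers fragment (added example; not from the original post).
# Usernames, command paths and the log file are placeholders for the local system.

# Record every sudo invocation (user, tty, cwd, full command) to syslog and to a
# plain log file, so someone can go back and reconstruct what went wrong.
Defaults        syslog=authpriv
Defaults        logfile=/var/log/sudo.log

# Each alias is one "capability"; none of them is a shell, an editor, or ALL.
Cmnd_Alias      INSTALL_SW = /usr/bin/rpm -i *, /usr/bin/rpm -U *, /usr/bin/rpm -e *
Cmnd_Alias      ADD_USERS  = /usr/sbin/useradd, /usr/sbin/groupadd
Cmnd_Alias      READ_LOGS  = /usr/bin/tail /var/log/messages, \
                             /usr/bin/less /var/log/messages

# Different people hold different capabilities; they do not have to be the same person.
alice   ALL = INSTALL_SW
bob     ALL = ADD_USERS
# NOEXEC (assumes a sudo version with that tag) stops the pager from spawning
# child processes, so "read syslogs" stays "read syslogs".
carol   ALL = NOEXEC: READ_LOGS
```

Edit the file only through visudo, which refuses to save a syntactically broken sudoers and so never locks everyone out. Wildcards and "!" negations are easy to get wrong in this file, so prefer listing exact command paths over clever patterns, and review /var/log/sudo.log the same way the post suggests: it is the record that lets someone recreate what happened.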
