Ah, auditing. I now understand your concern and agree that it is an important concern.
Unfortunately, I don't have an answer, so I look forward to future discussion about this.

- jek3

Bart Smaalders wrote:
> Torrey McMahon wrote:
>> Joseph Kowalski wrote:
>>> Bart Smaalders wrote:
>>>> How will we ensure that there are real administrative users present
>>>> in the password file?
>>> Are you asserting that installation must create an administrative user
>>> (as with Ubuntu, Debian, others) or something else? If it's
>>> "something else", could you elaborate?
>>>
>>> If an administrative user deletes all administrative users from the
>>> passwd file,... well, those are the breaks. He got exactly what he wanted. :-)
>>
>> Boot off the live CD, mount the image, etc. I guess we should add
>> something pretty bulletproof to the docs. Perhaps a "fix root access"
>> utility?
>
> In the case of a single-user system, the current architecture
> suffices, perhaps modulo a missing "sudo" :-).
>
> What I'm trying to point out is that the actual problem is that
> we want to know who did what on the system, which a single root
> account shared by multiple users thwarts, since that account has
> a single username/password.
>
> The proposed replacement is the creation of multiple accounts
> which have the privilege to become root-like, each belonging to
> a different administrator so that their actions are clearly attributable.
> This leverages the current pam modules and provides appropriate
> logging to see just who was root when the bad thing happened.
>
> The result of this, however, is that the same requirements that
> we make on the root account (local password entry, local home
> directory, no dependency on network services, etc.) now extend
> to the potentially privileged accounts if they are to be used
> to repair broken/mis-configured systems.
>
> Are there other alternatives to be considered that maintain
> knowledge of who became root w/o requiring completely
> separate accounts on each system for each administrator?
>
> - Bart
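The two questions raised in the quoted thread (how to be sure a real administrative user is present in the local password file, and whether the privileged accounts meet the same "repairable offline" requirements as root: local passwd entry, local usable password, local home directory, no dependency on a network name service) can be checked mechanically. The following is an added example, not code from the thread or from any OpenSolaris project; it assumes that root-like privilege is conferred by uid 0 or by membership in an admin group (the group names `sysadmin`/`wheel`, the local home prefixes, and the sample files are all constructed assumptions for illustration).

```python
# Added example (not from the thread): audit which privileged accounts on a
# host are "repair-capable", i.e. meet the requirements the thread lists for
# root: local passwd entry, usable local password, local home directory, and
# no dependency on a network name service.
from dataclasses import dataclass, field

# Assumptions (not stated on the page): which groups confer root-like
# privilege, and which filesystem prefixes hold local (not automounted) homes.
ADMIN_GROUPS = {"sysadmin", "wheel"}
LOCAL_HOME_PREFIXES = ("/root", "/export/home/")
# Password-field prefixes meaning "cannot log in with a password":
# Linux-style "!"/"*" locks and Solaris-style "*LK*" / "NP".
LOCKED_MARKERS = ("!", "*", "NP", "LK")


@dataclass
class Report:
    privileged: set                                  # accounts that can become root-like
    problems: dict = field(default_factory=dict)     # user -> [issue, ...]

    @property
    def usable(self):
        """Privileged accounts with no problems: the ones you can repair the box with."""
        return {u for u in self.privileged if not self.problems.get(u)}


def parse_colon_file(text):
    """Split passwd/shadow/group style text into field lists, skipping comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def audit(passwd_text, group_text, shadow_text):
    # "+" lines are NIS/LDAP compat entries: accounts pulled from the network,
    # which is exactly what a repair-capable admin must not depend on.
    passwd = {r[0]: r for r in parse_colon_file(passwd_text) if not r[0].startswith("+")}
    shadow = {r[0]: r for r in parse_colon_file(shadow_text)}
    groups = {r[0]: r for r in parse_colon_file(group_text)}

    privileged = set()
    admin_gids = {groups[g][2] for g in ADMIN_GROUPS if g in groups}
    for name, row in passwd.items():
        if row[2] == "0" or row[3] in admin_gids:      # uid 0, or primary gid is an admin group
            privileged.add(name)
    for g in ADMIN_GROUPS:                              # supplementary membership
        if g in groups and len(groups[g]) > 3 and groups[g][3]:
            privileged.update(m for m in groups[g][3].split(",") if m)

    report = Report(privileged=privileged)

    def flag(user, msg):
        report.problems.setdefault(user, []).append(msg)

    for user in sorted(privileged):
        row = passwd.get(user)
        if row is None:
            flag(user, "not in local passwd (only reachable via name service)")
            continue
        if not row[5].startswith(LOCAL_HOME_PREFIXES):
            flag(user, f"home {row[5]} is not on a local filesystem")
        srow = shadow.get(user)
        if srow is None:
            flag(user, "no local shadow entry")
        elif not srow[1] or srow[1].startswith(LOCKED_MARKERS):
            flag(user, "no usable local password (empty or locked)")
    return report


# Constructed sample files for the demonstration (not from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/root:/usr/bin/bash
alice:x:1001:14:Alice:/export/home/alice:/bin/bash
bob:x:1002:10:Bob:/home/bob:/bin/bash
+::::::
"""
SAMPLE_GROUP = """\
root::0:
staff::10:
sysadmin::14:bob,carol
"""
SAMPLE_SHADOW = """\
root:*LK*:6445::::::
alice:$6$saltsalt$notarealhash:6445::::::
bob::6445::::::
"""

if __name__ == "__main__":
    r = audit(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SHADOW)
    for user in sorted(r.privileged):
        print(user, r.problems.get(user, ["ok"]))
    if not r.usable:
        print("WARNING: no locally repairable administrator on this host")
```

In the constructed sample, `root` is locked, `bob` has an automounted home and an empty password, and `carol` is only known through the group file (her passwd entry would come from the name service), so `alice` is the only account that could be used to repair the system from single-user mode; an empty `usable` set is the "boot the live CD" situation from the thread.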
