On 12/19/2017 02:54 AM, Ronald Wimmer via FreeIPA-users wrote:
We have some users that have ALL sudo permissions. What is the best
way of keeping track of all actions they do after having switched to
the root user? Or would it be better to completely prevent switching
to the root user? (if yes,
On ti, 19 joulu 2017, Ronald Wimmer via FreeIPA-users wrote:
On 2017-12-19 12:05, Jakub Hrozek via FreeIPA-users wrote:
[...]
I think the best practice is to restrict the commands the users can run
to a bare minimum. Letting them only through sudo (as opposed to sudo
su) has the advantage that s
On 2017-12-19 12:05, Jakub Hrozek via FreeIPA-users wrote:
[...]
I think the best practice is to restrict the commands the users can run
to a bare minimum. Letting them only through sudo (as opposed to sudo
su) has the advantage that sudo sends all commands to the audit
subsystem. Also, if someon
On Tue, Dec 19, 2017 at 11:54:12AM +0100, Ronald Wimmer via FreeIPA-users wrote:
> We have some users that have ALL sudo permissions. What is the best way of
> keeping track of all actions they do after having switched to the root user?
> Or would it be better to completely prevent switching to the