Security Basics mailing list archives
Re: Application Admins with Local Admin on Servers
From: Adam Pal <pal_adam () gmx net>
Date: Wed, 11 Jul 2007 22:32:10 +0200
Hello Megan, I can give you 2 examples about what i saw so you can eventualy get some more ideas: *) in a medium size company where developers are working with the IT-Staff together (or maybe they are the same) an are on the same location local admin privilege can be granted, eventualy also admin-privilege to some server, but not to all. Nothing about harrasment but just in case some developer-machine goes nuts... If i would be part of developer-team, i would like to ensure that the development-enviroment is completely separated from the production-environment. If you see any danger in affecting production-systems then DONT grant privileges. **) in a big project where locations are distributed all over the world, usualy the developer needs and has full-rights on his host, but restricted rights on the shared medium (cvs, development server, nfs, etc) which can be more or less restrictive according to the status (project manager, etc). -- Best regards, Adam Pal Tuesday, July 10, 2007, 4:15:02 AM, you wrote: <==============Original message text=============== MK> System Administrators - MK> I am trying to get a feel for what other companies do with regard to MK> application developers needing local admin privileges on servers. I am MK> specifically working in a Windows environment but believe that the MK> same principles would apply in any environment. Here are my questions: MK> Do you grant admin privileges to application developers? MK> If not, do you grant them specific access or do you take care of the MK> work for them? MK> I do understand that it is a violation of separation of duties to MK> allow application developers to have local admin or root on systems, I MK> am simply try to get an idea of what the rest of the community does in MK> practice. MK> Thanks! <===========End of original message text===========
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Application Admins with Local Admin on Servers Megan Kielman (Jul 11)
- Re: Application Admins with Local Admin on Servers Malcolm Heath (Jul 11)
- Re: Application Admins with Local Admin on Servers Ansgar -59cobalt- Wiechers (Jul 11)
- RE: Application Admins with Local Admin on Servers Petter Bruland (Jul 11)
- Re: Application Admins with Local Admin on Servers Yousef Syed (Jul 11)
- Re: Application Admins with Local Admin on Servers Adam Pal (Jul 11)
- Re: Application Admins with Local Admin on Servers Joseph Brown (Jul 12)
- <Possible follow-ups>
- Re: Application Admins with Local Admin on Servers levinson_k (Jul 11)
- Re: Application Admins with Local Admin on Servers krymson (Jul 13)