nanog mailing list archives
Re: Security Practices question
From: Michael Lamoureux <lamour () mail argfrp us uu net>
Date: 02 Oct 2002 22:23:30 -0400
"eddy" == E B Dreger <eddy+public+spam () noc everquick net> writes: jm> Date: Wed, 2 Oct 2002 17:48:16 -0700 (PDT) jm> From: just me jm> In an environment where every sysadmin is interchangable, and any jm> one of them can be woken up at 3am to fix the random problem of jm> the day, you tell me how to manage 'sudoers' on 4000 machines. eddy> krb5/ksu Well, no. That's an excellent answer to someone else's question, but krdist would be a better answer to his question. ;-) But the real answer is: The same way you maintain everything else on the same 4000 machines. I assume if you're running 4000 machines you have some cookie-cutter secured baseline OS load that gets installed on them all when they're loaded, and then something like home-grown perl scripts wrapped around rdist or rsync, or a specific tool for the purpose like cfengine or synctree to push out changes and keep them all under control. I would assume that the sudoers file could be pushed out with the same mechanism. Or am I missing some implied complexity in your situation? If the implication is that you have 4000 one-off machines, I retract my next statement. ;-) BTW, I really envy "just me". I have yet to work anywhere where every [insert position here] is actually interchangable. Must be nice. IMHO, Michael
Current thread:
- Re: Security Practices question Scott Francis (Oct 02)
- Re: Security Practices question Scott Francis (Oct 02)
- <Possible follow-ups>
- Re: Security Practices question Scott Francis (Oct 02)
- Message not available
- Re: Security Practices question Scott Francis (Oct 02)
- Message not available
- Re: Security Practices question Scott Francis (Oct 02)
- Re: Security Practices question just me (Oct 02)
- Re: Security Practices question E.B. Dreger (Oct 02)
- Re: Security Practices question Michael Lamoureux (Oct 02)
- Re: Security Practices question just me (Oct 03)
- Message not available
- Re: Security Practices question Barb Dijker (Oct 03)
- Message not available
- Re: Security Practices question Jason Slagle (Oct 02)
- Re: Security Practices question Joel Baker (Oct 02)
- Re: Security Practices question Scott Walker (Oct 02)
- Re: Security Practices question Valdis . Kletnieks (Oct 03)
- Re: Security Practices question Scott Francis (Oct 03)
- Re: Security Practices question just me (Oct 03)
- Re: Security Practices question Scott Francis (Oct 03)
- Re: Security Practices question alex (Oct 03)