nanog mailing list archives

Re: Security Practices question


From: Jason Slagle <raistlin () tacorp net>
Date: Wed, 2 Oct 2002 21:28:53 -0400 (EDT)


On Wed, 2 Oct 2002, just me wrote:

> In an environment where every sysadmin is interchangeable, and any one
> of them can be woken up at 3am to fix the random problem of the day,
> you tell me how to manage 'sudoers' on 4000 machines.
>
> In a situation where the team needs root, all per-admin UID 0
> accounts add is accountability and personalized shells/environments.
>
> Sorry to ruffle your dogma.

Have I missed something here?

It seems to me having multiple uid 0's would do no good.

Can't a UID 0 user change the password of any other user?

Wouldn't a malicious uid 0 user just change the regular root password?

How does this add any additional layer of accountability?  A uid 0 user
can erase the logfiles, unless they are immutable and you are in secure
mode.

Jason

-- 
Jason Slagle - CCNP - CCDP
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  .
 X  - NO HTML/RTF in e-mail  .
/ \ - NO Word docs in e-mail .



