North American Network Operators Group

Re: Security Practices question
On Wed, 2 Oct 2002, just me wrote:

> In an environment where every sysadmin is interchangeable, and any one
> of them can be woken up at 3am to fix the random problem of the day,
> you tell me how to manage 'sudoers' on 4000 machines.
>
> In a situation where the team needs root; all per-admin UID 0
> accounts add is accountability and personalized shells/environments.
>
> Sorry to ruffle your dogma.

Have I missed something here? It seems to me having multiple uid 0's would do no good. Can't a UID 0 user change the password of any other user? Wouldn't a malicious uid 0 user just change the regular root password? How does this add any additional layer of accountability? A uid 0 user can erase the logfiles, unless they are immutable and you are in secure mode.

Jason

--
Jason Slagle - CCNP - CCDP
/"\ . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign          .
 X    - NO HTML/RTF in e-mail        .
/ \   - NO Word docs in e-mail       .
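An added example, not part of the original post: a small Python audit that lists every account sharing UID 0 in a passwd file and shows which single name a reverse lookup of UID 0 returns, so the per-admin names are visible at login but not in file ownership or process listings. The passwd content, account names and function names are constructed for illustration, and the first-match lookup models a flat passwd file.

```python
# Added example: audit a passwd file for accounts that share UID 0.
# SAMPLE_PASSWD is constructed test data, not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice_root:x:0:0:Alice (per-admin root):/home/alice:/bin/zsh
bob_root:x:0:0:Bob (per-admin root):/home/bob:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/zsh
# comment line
+::::::
broken-line-without-fields
"""

def parse_passwd(text):
    """Yield (name, uid) for each well-formed passwd line, in file order."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed or NIS-style (+/-) entry: skip it
        yield fields[0], int(fields[2])

def accounts_with_uid(text, uid=0):
    """All login names mapped to the given UID, in file order."""
    return [name for name, u in parse_passwd(text) if u == uid]

def name_for_uid(text, uid):
    """Reverse lookup; the first matching entry wins on a flat file."""
    for name, u in parse_passwd(text):
        if u == uid:
            return name
    return None

def audit(text):
    shared = accounts_with_uid(text, 0)
    return {
        "uid0_accounts": shared,
        "extra_uid0": [n for n in shared if n != "root"],
        # The one name tools will display for anything owned by UID 0.
        "name_shown_for_uid0": name_for_uid(text, 0),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD))
```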