sudo and /etc/sudoers

Smoot Carl-Mitchell smoot at tic.com
Tue Dec 30 02:52:44 UTC 2008


On Tue, 2008-12-30 at 11:45 +1000, Res wrote:
> On Mon, 29 Dec 2008, Derek Broughton wrote:
> 
> > LOL.  What a ridiculous attitude from somebody who claims to be an expert.
> > _Somebody_ has to run root programs, and ime it is both possible and
> 
> There is such a thing called automation, maybe use dictionary.com if you
> don't know what it means.
> 
> > large server systems, I am one of the two prime administrators - neither one
> > of us actually has the root password, which _does_ exist but only the
> > daytime computer room operator has.  Works fine.
> 
> Then you can't be trusted enough, so the daytime guy gets killed in a car
> accident or is dismissed, someone else needs to know it, especially in the
> latter case to change it.

In large environments there is usually a set of procedures to follow
when the daytime guy is unavailable and there is a need for the root
password.  There are any number of ways to handle this situation.  You
can keep pertinent information in a notebook kept in a secure location,
e.g. an office safe, in the datacenter itself, etc. It can be part of
the HR hire and fire procedures for the organization.

Your example also points out the weakness of distributing the root
password to the system admins.  If one leaves or gets fired, you have to
change the root password.  If you have a proper sudo environment, all
you need to do is turn off the fired user's account.
-- 
Smoot Carl-Mitchell
System/Network Architect
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005



