Security Practices question
Jason Slagle
raistlin at tacorp.net
Thu Oct 3 01:28:53 UTC 2002
On Wed, 2 Oct 2002, just me wrote:
> In an environment where every sysadmin is interchangeable, and any one
> of them can be woken up at 3am to fix the random problem of the day,
> you tell me how to manage 'sudoers' on 4000 machines.
>
> In a situation where the team needs root; all per-admin UID 0
> accounts add is accountability and personalized shells/environments.
>
> Sorry to ruffle your dogma.

Have I missed something here?

It seems to me having multiple uid 0's would do no good.

Can't a UID 0 user change the password of any other user?

Wouldn't a malicious uid 0 user just change the regular root password?

How does this add any additional layer of accountability? A uid 0 user
can erase the logfiles, unless they are immutable and you are in secure
mode.

Jason
--
Jason Slagle - CCNP - CCDP
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ / ASCII Ribbon Campaign .
X - NO HTML/RTF in e-mail .
/ \ - NO Word docs in e-mail .
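
Added example, not part of the original message: the accountability question above can be checked against a passwd file. This Python sketch lists every account sharing UID 0 and shows that a record keyed only by UID (file ownership, process accounting) resolves to the first matching name; the sample passwd entries and the `alice_root`/`bob_root` names are constructed.

```python
# Added example; the passwd content below is constructed sample data.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice_root:x:0:0:Alice (admin):/home/alice:/bin/bash
bob_root:x:0:0:Bob (admin):/home/bob:/bin/zsh
alice:x:1001:1001:Alice:/home/alice:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

def parse_passwd(text):
    """Return (name, uid) pairs in file order, skipping comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 3 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def uid0_accounts(entries):
    """Every login name that maps to UID 0, i.e. every full-root account."""
    return [name for name, uid in entries if uid == 0]

def name_for_uid(entries, uid):
    """Resolve a numeric UID to a name the way a top-to-bottom file scan does:
    the first matching entry wins."""
    for name, entry_uid in entries:
        if entry_uid == uid:
            return name
    return None

def attribute(entries, login_names):
    """For each login name used, return the name a UID-keyed record resolves to."""
    uid_of = {}
    for name, uid in entries:
        uid_of.setdefault(name, uid)
    return {login: name_for_uid(entries, uid_of[login]) for login in login_names}

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    print("UID 0 accounts:", uid0_accounts(entries))
    # All admin logins collapse to one identity once only the UID is kept.
    for login, seen_as in attribute(entries, ["alice_root", "bob_root", "alice"]).items():
        print(f"{login:12s} -> recorded as uid-owner '{seen_as}'")
```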