Security Practices question

Jason Slagle raistlin at tacorp.net
Thu Oct 3 01:28:53 UTC 2002


On Wed, 2 Oct 2002, just me wrote:

> In an environment where every sysadmin is interchangeable, and any one
> of them can be woken up at 3am to fix the random problem of the day,
> you tell me how to manage 'sudoers' on 4000 machines.
>
> In a situation where the team needs root; all per-admin UID 0
> accounts add is accountability and personalized shells/environments.
>
> Sorry to ruffle your dogma.

Have I missed something here?

It seems to me having multiple uid 0's would do no good.

Can't a UID 0 user change the password of any other user?

Wouldn't a malicious uid 0 user just change the regular root password?

How does this add any additional layer of accountability?  A uid 0 user
can erase the logfiles, unless they are immutable and you are in secure
mode.

Jason

-- 
Jason Slagle - CCNP - CCDP
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  .
 X  - NO HTML/RTF in e-mail  .
/ \ - NO Word docs in e-mail .
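
Added example, not part of the original message: a small audit that lists every account sharing UID 0 in a passwd(5)-format file and shows the single name a UID-to-name lookup reports for all of them. The account names and sample file are constructed, and the "first entry wins" behaviour is an assumption that holds for the usual flat-file passwd lookup.

```shell
#!/bin/sh
# Audit a passwd(5)-format file for accounts that share UID 0.
# The sample entries written by make_sample are constructed for illustration.

# Print every login name whose UID field (3rd colon-separated field) is 0.
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 == 0 { print $1 }' "$1"
}

# Print the name a uid->name lookup yields for UID 0.
# Assumption: the lookup scans in file order and stops at the first match.
uid0_resolves_to() {
    awk -F: '$1 !~ /^#/ && $3 == 0 { print $1; exit }' "$1"
}

# Return 0 if exactly one (or no) UID 0 account exists; otherwise list the
# extra accounts and return 1 so the check can gate a config push.
audit_uid0() {
    extras=$(uid0_accounts "$1" | sed 1d)
    [ -z "$extras" ] && return 0
    echo "UID 0 aliases (uid-based records show them all as '$(uid0_resolves_to "$1")'):"
    echo "$extras" | sed 's/^/  /'
    return 1
}

# Write a constructed passwd file with two per-admin UID 0 accounts.
make_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice_r:x:0:0:Alice (root alias):/home/alice:/bin/tcsh
bob_r:x:0:0:Bob (root alias):/home/bob:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/tcsh
EOF
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
make_sample "$SAMPLE"
audit_uid0 "$SAMPLE" || true
```

Any record keyed on the numeric UID (file ownership, process accounting) cannot tell these accounts apart; only login-time records that capture the typed name can, and those are the logs a UID 0 user is able to alter.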





