Security Practices question

Scott Francis darkuncle at darkuncle.net
Thu Oct 3 16:31:57 UTC 2002


On Wed, Oct 02, 2002 at 05:48:16PM -0700, matt at snark.net said:
> On Wed, 2 Oct 2002, Scott Francis wrote:
> 
>   Can you back up that statement in /any/ way? What exactly are your reasons
>   why sudo is a worse solution (or even a bad idea)?
> 
> In an environment where every sysadmin is interchangeable, and any one
> of them can be woken up at 3am to fix the random problem of the day,
> you tell me how to manage 'sudoers' on 4000 machines.

You don't _have_ logins directly to 4000 machines. You have a central admin
host (or five) with user-level accounts. Those user-level accounts can 'sudo
ssh <target>' to accomplish things as root on the remote boxes. Given the
nature of the UNIX permissions structure, any solution is going to be lacking
when scaled up large enough - but the problems involved in properly
administering sudo are considerably smaller than those introduced by having
multiple uid 0 accounts (especially multiple uid 0 accounts on multiple
machines).

What do you do when one (or ten) of those 'interchangeable sysadmins' leaves
the company? _Then_ you have a real nightmare - changing root and removing
uid 0 accounts on 4000 boxes. I'd rather manage /etc/sudoers, thanks very
much.

> In a situation where the team needs root, all per-admin UID 0
> accounts add is accountability and personalized shells/environments.

All of which can be handled with sudo, without giving away the keys to the
castle.

> Sorry to ruffle your dogma.

Not dogma, just best practice. 

-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui
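The central-admin-host pattern described in the post above (user-level accounts on a jump host that 'sudo ssh <target>' to reach the fleet as root), as an added example that is not part of the original post or of anything NANOG publishes. Every name in it is an assumption made for illustration: the wrapper name admin-ssh, the allow-list file /etc/admin-ssh/hosts, the key /root/.ssh/admin_ed25519, and the group 'admins' in the sudoers line quoted in the header comment. The reason for a wrapper rather than a bare sudoers entry such as '%admins ALL = (root) /usr/bin/ssh root@*' is that sudo's '*' wildcard also matches spaces, so that entry would let the caller append arbitrary ssh options (a ProxyCommand, for instance) after the hostname. The wrapper accepts exactly one bare hostname, requires it to be on an allow list, records the invoking account from SUDO_USER so the audit trail names a person rather than uid 0, and only then execs ssh with root's key.

```shell
#!/bin/sh
# admin-ssh: run on the central admin host via sudo, e.g.
#     sudo /usr/local/sbin/admin-ssh web01.example.net
# with a sudoers line (assumed group name) such as
#     %admins ALL = (root) /usr/local/sbin/admin-ssh
# Example code written for this archive page, not from the original post.
# The paths below are placeholders chosen for the example.

ALLOWLIST="${ADMIN_SSH_HOSTS:-/etc/admin-ssh/hosts}"
KEY="${ADMIN_SSH_KEY:-/root/.ssh/admin_ed25519}"

# Accept only a bare hostname: letters, digits, dots and hyphens, never
# empty and never starting with '-', so the target can neither become an
# ssh option nor carry shell metacharacters.
valid_hostname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# The target must also appear, one per line, in the allow-list file
# (second argument), matched as a whole fixed line.
listed_host() {
    [ -r "$2" ] || return 1
    grep -qxF -- "$1" "$2"
}

# Both checks must pass; the allow list defaults to $ALLOWLIST.
validate_target() {
    valid_hostname "$1" && listed_host "$1" "${2:-$ALLOWLIST}"
}

main() {
    [ "$#" -eq 1 ] || { echo "usage: admin-ssh <host>" >&2; exit 64; }
    target=$1
    validate_target "$target" || {
        echo "admin-ssh: refusing target '$target'" >&2
        exit 77
    }
    # sudo sets SUDO_USER to the account that invoked it; log that name so
    # the syslog record identifies the admin, not root.
    logger -t admin-ssh -p auth.notice "user=${SUDO_USER:-unknown} target=$target"
    # '--' ends option parsing; the key belongs to root on the admin host,
    # so no admin ever holds a credential for the target fleet.
    exec ssh -i "$KEY" -o BatchMode=yes -- "root@$target"
}

# Dispatch only when installed under the intended name, so the file can be
# sourced to exercise the checks without opening a connection.
case "${0##*/}" in
    admin-ssh) main "$@" ;;
esac
```

Offboarding then becomes editing one sudoers group (or the allow list) on the admin hosts, while the targets keep a single root key that is rotated from one place.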

