Re: Doing administrative work
-----BEGIN PGP SIGNED MESSAGE-----
On 01/22/07 04:07, Dave Ewart wrote:
> On Sunday, 21.01.2007 at 22:03 -0500, Jim Hyslop wrote:
> The above example flies in the face of the usual advice, but that's
> because the circumstances are different and possibly rather extreme. I
> don't really need accountability, because I'm the only one with access.
> "Adding a non-privileged user and using sudo" would actually provide
> less security, because it is adding an additional
> potentially-compromisable account to the server.
> However, if the above server was to be maintained by more than one
> sysadmin, I'd probably disable root access entirely and insist on 'sudo'
> for accountability. Further, if there were 'real users' on the system,
> i.e. users who only ever did non-root work, I'd again probably avoid the
> root-only approach.
> Be careful when recommending the above setup, because I believe it's
> only appropriate in very limited circumstances.
I understand your thinking and rationale.
The first thing that pops into my mind, though, is, "What happens if
you get hit by a bus?"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----