
Re: Doing administrative work



On Monday, 22.01.2007 at 07:51 -0600, Ron Johnson wrote:

> On 01/22/07 04:07, Dave Ewart wrote:
> > On Sunday, 21.01.2007 at 22:03 -0500, Jim Hyslop wrote:
> > 
> [snip]
> > The above example flies in the face of the usual advice, but that's
> > because the circumstances are different and possibly rather extreme.
> > I don't really need accountability, because I'm the only one with
> > access.  "Adding a non-privileged user and using sudo" would
> > actually provide less security, because it is adding an additional
> > potentially-compromisable account to the server.
> > 
> > However, if the above server was to be maintained by more than one
> > sysadmin, I'd probably disable root access entirely and insist on
> > 'sudo' for accountability.  Further, if there were 'real users' on
> > the system, i.e. users who only ever did non-root work, I'd again
> > probably avoid the root-only approach.
> > 
> > Be careful when recommending the above setup, because I believe it's
> > only appropriate in very limited circumstances.
> 
> I understand your thinking and rationale.
> 
> The first thing that pops into my mind, though, is, "What happens if
> you get hit by a bus?"

This has crossed my mind, since my daily commute to work involves
fighting the local bus drivers, endlessly... :-)

The procedure is: the nominated deputy can retrieve the root passwords
from the safe and log in via the console :-)

Dave.
-- 
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
