[CLUE-Admin] Re: [Fwd: FUN-da-mentals]

[Lynn Danielson]

Jed S. Baer wrote:

>Jeffery Cann <fabian at jefferycann.com> wrote:
>  
>
>>Since you told 
>>me about the permission problem, it sounds like I didn't give you the
>>root pw on the box, so I took care of the redirect.  I can give you root
>>pw on Tues.
>>    
>>
>
>... I neither want, nor need, root. [/me remembers the
>discussion on CLUE-Tech earlier about logging in as root] I'm a True
>Believer (TM) in the non-root philosophy. What would be much better would
>be to add me to the appropriate groups, so that I can work with the files
>I need to work with. As CVS exists primarily for the sake of the website,
>that's one obvious group. I suppose the group under which the httpd daemon
>runs (same as owner of /var/apache/htdocs I presume) would be beneficial
>as well. I haven't looked, so I don't know who owns httpd.conf. The other
>possibility would be sudo.
>

While minimizing/eliminating root logins may be a great ideal.  I'm all for
giving everyone with a trusted position in CLUEroot access.  I think forcing
all of the trusted users to us sudo adds some degree of accountibility 
(although
not against someone who's purposely being malicious).  Since it looks 
like we're
going to fill the sysadmin position, maybe this should be for them to 
decide. 
The more it gets locked down the more control (and work) the admin volunteer
will have. 

While I'm not expecting this to happen, what if the majority of the 
admin group
abandoned CLUE tomorrow.  If anyone was left to pick up the peices, it would
be nice if they could get root access on the server.  The last time CLUE 
fell apart
we languished for a long time to get access to and eventually control of 
the server.

On the flip side, I guess Dave and Roy could hack the box if necessary, 
reset the
root password and give access to whoever needed it.  I would understand 
if they'd
like to maintain some control over (or at least knowledge of) who has 
root access
to a box on their network. 

Just my 2 cents,

Lynn