[CLUE-Tech] Sys Admin security and user directory security
Brandon N
bneill at yahoo.com
Mon Dec 17 22:50:19 MST 2001
--- Kevin Cullis <kevincu at orci.com> wrote:
> OK folks,
>
> I've got a question that I have not been able to answer: How can you
> provide system security and directory security at the same time with
> different people? For example, I'd like to let the sysadmin handle
> all
> of the upgrades, updates, etc for the computer security but NOT allow
> the sysadmin to view the financials in /home/kevin directory. I'm
> assuming this is possible, but how does one go about it?
>
> Kevin
You can provide limited sysadmin powers to people using a program like
sudo or webmin. As for securing documents, that depends on the level
of security you desire. For minimal security you could use an
encrypted filesystem, of course root would still be able to access it
while it's mounted, for higher security, you could encrypt individual
files, technically root could still access them out of memory, but who
would go to that much trouble to find out how much someone else is
making. You could also explore logging options so that someone else
could oversee the Sysadmins actions.
Someone mentioned that if you're worried about your sysadmin looking at
files he shouldn't, then you need to get a new sysadmin, that is true
if he goes to extraordinary lengths to gain unauthorized access, but
the temptation to peek at a file is very tempting.
Brandon
__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com
More information about the clue-tech
mailing list