[CLUE-Tech] Sys Admin security and user directory security

Adam_Bultman at gmx.net Adam_Bultman at gmx.net
Tue Dec 18 12:57:48 MST 2001


I had a beautifully orchestrated email last night that I didn't send.
Anyway, I'll re-create a thumbnail version:

If you take root from root, you aren't root anymore.  The sysadmin needs
access to EVERYTHING.  You take that away, and you can't do your job.  I need
ready access to everyone's /home/, /var/spool/mail, etc. If I didn't, I
wouldn't have realized that /var/ was at 95 percent because of two users with 400 MB
mail spools.  As well, I wouldn't know that /home/ was filling up with misc.
graphics stuff.  Same goes for Windows -- where is 33 GB going on this RAID?
Oh, well!

Anyway, if you don't want root in your stuff, encrypt it, or don't keep it
on there.  This guy I worked with did this:
1. Encrypt data
2. Put data on zip disk, remove from hard drive.
3. Put zip disks in locked cabinet.

There is NOTHING this person did that required that.  I didn't even lock my
machine.  There was no reason to; I had nothing on my box but pcAnywhere and
Winamp.

Oh, well.  If you REALLY don't want the sysadmin to read your files, don't
put a .log ending on it, and put it in clf format.

adam


> On Mon, 17 Dec 2001 19:28:00 -0700
> Kevin Cullis <kevincu at orci.com> wrote:
> 
> > OK folks,
> > 
> > I've got a question that I have not been able to answer: How can you
> > provide system security and directory security at the same time with
> > different people?  For example, I'd like to let the sysadmin handle all
> > of the upgrades, updates, etc for the computer security but NOT allow
> > the sysadmin to view the financials in /home/kevin directory. I'm
> > assuming this is possible, but how does one go about it?
> 
> Heh, there is nothing inaccessible to root. If you don't trust your
> sysadmin, then you need a new sysadmin.
> 
> -- 
> "Those who expect to reap the blessings of freedom must, like men,
>  undergo the fatigue of supporting it."
>  - Thomas Paine

-- 
Adam Bultman

adam_bultman at bigfoot.com
