[CLUE-Tech] Sys Admin security and user directory security
Adam_Bultman at gmx.net
Tue Dec 18 12:57:48 MST 2001
I had a beautifully orchestrated email last night that I didn't send.
Anyway, I'll re-create a thumbnail version:
If you take root from root, you aren't root anymore. The sysadmin needs
access to EVERYTHING. You take that away, and you can't do your job. I need
ready access to everyone's /home/, /var/spool/mail, etc. If I didn't, I
wouldn't have realized that /var/ was at 95 percent because of two users with 400 MB
mail spools. As well, I wouldn't know that /home/ was filling up with misc.
graphics stuff. Same goes for Windows -- where is 33 GB going on this RAID?
Oh, well!
Anyway, if you don't want root in your stuff, encrypt it, or don't keep it
on there. This guy I worked with did this:
1. Encrypt data
2. Put data on zip disk, remove from hard drive.
3. Put zip disks in locked cabinet.
There is NOTHING this person did that required that. I didn't even lock my
machine. There was no reason to; I had nothing on my box but pcAnywhere and
Winamp.
Oh, well. If you REALLY don't want the sysadmin to read your files, don't
put a .log ending on it, and put it in clf format.
adam
> On Mon, 17 Dec 2001 19:28:00 -0700
> Kevin Cullis <kevincu at orci.com> wrote:
>
> > OK folks,
> >
> > I've got a question that I have not been able to answer: How can you
> > provide system security and directory security at the same time with
> > different people? For example, I'd like to let the sysadmin handle all
> > of the upgrades, updates, etc for the computer security but NOT allow
> > the sysadmin to view the financials in /home/kevin directory. I'm
> > assuming this is possible, but how does one go about it?
>
> Heh, there is nothing inaccessible to root. If you don't trust your
> sysadmin, then you need a new sysadmin.
>
> --
> "Those who expect to reap the blessings of freedom must, like men,
> undergo the fatigue of supporting it."
> - Thomas Paine
--
Adam Bultman
adam_bultman at bigfoot.com