Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security Practices question

  • From: just me
  • Date: Thu Oct 03 12:59:59 2002

On Thu, 3 Oct 2002, Scott Francis wrote:

  On Wed, Oct 02, 2002 at 05:48:16PM -0700, matt@snark.net said:
  > In an environment where every sysadmin is interchangable, and any one
  > of them can be woken up at 3am to fix the random problem of the day,
  > you tell me how to manage 'sudoers' on 4000 machines.

  You don't _have_ logins directly to 4000 machines. You have a central admin
  host (or five) with user-level accounts. Those user-level accounts can 'sudo
  ssh <target>' to accomplish things as root on the remote boxes.

So you propose that a trust relationship over the network is a more
secure solution? I can't believe you're advocating allowing ssh logins
as root as a better idea than per-admin uid 0 accounts.

  Given the nature of the UNIX permissions structure, any solution
  is going to be lacking when scaled up large enough - but the
  problems involved in properly administering sudo are considerly
  smaller than those introduced by having mulitple uid 0 accounts
  (especially multiple uid 0 accounts on multiple machines).

You still haven't given me a single example of what these "problems"
are. Just hand-waving and talk about the "right" way is.

  What do you do when one (or ten) of those 'interchangeable syadmins' leaves
  the company? _Then_ you have a real nightmare - changing root and removing
  uid 0 accounts on 4000 boxes. I'd rather manage /etc/sudoers, thanks very
  much.

Are you paying attention? If one of the admins leave, his accounts
(user and UID 0) are deactivated. The password on the "root" account
doesn't need to be changed, assuming he/she didn't know it. Where's
the nightmare there? Its the same level of effort that managing the
sudoers file. If thats a nightmare in your environment, I'm sorry,
you've got bigger problems.


  > In an situation where the team needs root; all per-admin UID 0
  > accounts add is accountability and personalized shells/environments.

  All of which can be handled with sudo, without giving away the keys to the
  castle.

An open sudo configuration (which Barb is advocating in her latest
post) gives away those same keys. So I don't see what the benefit here
is.

matto

--mghali@snark.net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.