|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Security Practices question
On Wed, Oct 02, 2002 at 05:48:16PM -0700, matt@snark.net said:
> On Wed, 2 Oct 2002, Scott Francis wrote:
>
> Can you back up that statement in /any/ way? What exactly are your reasons
> why sudo is a worse solution (or even a bad idea)?
>
> In an environment where every sysadmin is interchangable, and any one
> of them can be woken up at 3am to fix the random problem of the day,
> you tell me how to manage 'sudoers' on 4000 machines.
You don't _have_ logins directly to 4000 machines. You have a central admin
host (or five) with user-level accounts. Those user-level accounts can 'sudo
ssh <target>' to accomplish things as root on the remote boxes. Given the
nature of the UNIX permissions structure, any solution is going to be lacking
when scaled up large enough - but the problems involved in properly
administering sudo are considerly smaller than those introduced by having
mulitple uid 0 accounts (especially multiple uid 0 accounts on multiple
machines).
What do you do when one (or ten) of those 'interchangeable syadmins' leaves
the company? _Then_ you have a real nightmare - changing root and removing
uid 0 accounts on 4000 boxes. I'd rather manage /etc/sudoers, thanks very
much.
> In an situation where the team needs root; all per-admin UID 0
> accounts add is accountability and personalized shells/environments.
All of which can be handled with sudo, without giving away the keys to the
castle.
> Sorry to ruffle your dogma.
Not dogma, just best practice.
--
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui
Attachment:
pgp00008.pgp
|