North American Network Operators Group


Re: Security Practices question

  • From: Scott Francis
  • Date: Thu Oct 03 12:36:26 2002

On Wed, Oct 02, 2002 at 05:48:16PM -0700, matt@snark.net said:
> On Wed, 2 Oct 2002, Scott Francis wrote:
> 
>   Can you back up that statement in /any/ way? What exactly are your reasons
>   why sudo is a worse solution (or even a bad idea)?
> 
> In an environment where every sysadmin is interchangeable, and any one
> of them can be woken up at 3am to fix the random problem of the day,
> you tell me how to manage 'sudoers' on 4000 machines.

You don't _have_ logins directly to 4000 machines. You have a central admin
host (or five) with user-level accounts. Those user-level accounts can 'sudo
ssh <target>' to accomplish things as root on the remote boxes. Given the
nature of the UNIX permissions structure, any solution is going to be lacking
when scaled up large enough - but the problems involved in properly
administering sudo are considerably smaller than those introduced by having
multiple uid 0 accounts (especially multiple uid 0 accounts on multiple
machines).

What do you do when one (or ten) of those 'interchangeable sysadmins' leaves
the company? _Then_ you have a real nightmare - changing root and removing
uid 0 accounts on 4000 boxes. I'd rather manage /etc/sudoers, thanks very
much.

> In a situation where the team needs root; all per-admin UID 0
> accounts add is accountability and personalized shells/environments.

All of which can be handled with sudo, without giving away the keys to the
castle.

> Sorry to ruffle your dogma.

Not dogma, just best practice. 

-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui

Attachment: pgp00008.pgp
Description: PGP signature
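
The per-admin uid 0 accounts debated in this message can be inventoried before an admin's departure turns into a cleanup across every box. The following is an added example, not part of the original post: it parses passwd(5) contents collected per host and reports every uid 0 login other than `root`. The host names, account names and the `audit` helper are constructed for illustration.

```python
"""Audit passwd(5) data for extra uid 0 accounts (constructed sample data)."""

# Constructed sample: passwd contents as they might be collected from two hosts.
SAMPLE = {
    "web01": (
        "root:x:0:0:root:/root:/bin/sh\n"
        "alice-root:x:0:0:Alice (root shell):/home/alice:/bin/zsh\n"
        "alice:x:1001:1001::/home/alice:/bin/zsh\n"
    ),
    "db01": (
        "root:x:0:0:root:/root:/bin/sh\n"
        "# local comment\n"
        "toor:x:0:0:Bourne-again superuser:/root:\n"
        "bob-root:x:00:0::/home/bob:/bin/bash\n"
        "+::::::\n"
        "broken-line\n"
    ),
}


def uid0_accounts(passwd_text):
    """Return login names whose numeric uid is 0, in file order."""
    names = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdecimal():
            continue  # malformed line or NIS compat entry ("+::::::")
        if int(fields[2]) == 0:  # int() so a uid written as "00" is caught
            names.append(fields[0])
    return names


def audit(hosts, allowed=("root",)):
    """Map host -> uid 0 accounts that are not in the allowed set."""
    report = {}
    for host, text in sorted(hosts.items()):
        extra = [n for n in uid0_accounts(text) if n not in allowed]
        if extra:
            report[host] = extra
    return report


if __name__ == "__main__":
    for host, names in audit(SAMPLE).items():
        print(f"{host}: extra uid 0 accounts: {', '.join(names)}")
```
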