On Fri, 2005-02-12 at 15:59 -0600, akonstam@xxxxxxxxxxx wrote:
> >
> > One of the things I have learnt over the last two decades
> > administrating Unix and Linux systems, is that sometimes
> > there can be such a thing as too much security. I have
> > had Intel-based PC systems that were hardened so much that
> > even with physical access to the system it took a drill
> > to remove the case locking mechanism in order to access
> > the motherboard to erase the BIOS password before being able
> > to boot with a recovery disk. Once the recovery disk was
> > loaded I was able to change the "admin" user's password to
> > gain access to the system, after the customer "lost" the
> > password, when an employee left. On that system I had
> > disabled root from being able to be logged in from all tty's
> > and the console, only the "admin" user was able to log in
> > from the console. That customer opted for less security on
> > the next system.
> >
> > If you want that kind of security, get a good steel case
> > and check out the Bastille Linux project.
> It reminds me of a day that will live in infamy when not realizing that
> they were using shadow passwds I erased the x in the passwd field of the
> root account. That cost the company I was consulting for $1,500. I know
> it was a zenith of my stupidity that day and it was on an AT&T Unix box
> that had no way to boot to run level 1. I did a similar thing recently on
> an OS X box where booting to run level 1 is possible. That will teach
> people to allow me to administer an OS X box with mysterious commands
> that are not reversible.
>
> I am really not that incompetent but never try to administer a machine
> you do not understand.

Back in 1984, before I had any formal training in Unix Administration, my boss put me in the awkward position of setting up an NFS system on a customer's Sun Microsystems machine. There wasn't enough room on the /usr partition to install all the software, so we got a second drive.
I read what I could find, and figured out how to configure the system to use the new drive, and proceeded to copy /usr to the new drive. Once it was done, I decided to remove the files from /usr before mounting the new partition... It wasn't too long before I realized some of the commands I would need to finish the job were in /usr/bin and/or /usr/sbin. By then it was too late; I hit control-c, but most of the commands I needed had already been deleted. I then quickly learned how to boot off a tape drive and reinstall SunOS; by 03:00 the next morning I had a functional system rebuilt and was able to install and get the NFS server running.

The very next week I was sent to Sun to get Advanced Administration training. If it wasn't for the fact that my boss sent me even after I told him I did not feel I knew enough and only had operator level training, I likely would not have been working there long enough to get Administrator Training.

The moral of my story is: if you don't know what you're doing, make sure you make it understood before fumbling into the unknown. If you succeed you're a hero; if you don't, then at least you weren't misrepresenting your abilities and will not be looked upon as an incapable liar.