Re: root users

> Here is a situation where this does not make sense, and the use of sudo 
> does make sense
> 
> 1. Multiple users with root authority.
>     john,     bill,  and   sam
> 
> one of these 3 happens to get mad/upset/frustrated/careless
> This user (let's say john) logs in and runs some commands that are very 
> destructive to the system
>        (have you ever heard of "rm -rf /" being run????)
> All three users' actions are recorded as being done by root, thus no way 
> to track who did what or when.
> The analysis of the problem shows that "root" did some 
> dumb/careless/harmful things to the system.
> 
> Who is responsible?????       Answer: one of the above
> 
> 2. One closely guarded root account with multiple users allowed the same 
> access with sudo.
>     again,   users john, bill, and sam (but none of these users know the 
> root password)
> 
> The same user decides to do the dirty deed he did in the above scenario.
> Sudo actions are logged by user name, the user only has limited 
> privileges when not using sudo.
> John now uses sudo to do his dirty work, and it is logged by user 
> name/time/command
> Analysis shows john did the nasty deed.
> 
> Who is responsible?????    Answer:  john.


IMHO, sudo works great if you need to give out a very limited set of
privs to a specific non-system admin (e.g., an applications programmer 
responsible for a package that needs root privs to start).

Also, IMHO, system admins need two things:

    1. A clue as to what they're doing.

    2. They need to be trustworthy and have the trust of management.

If you have someone in your company who would intentionally destroy 
a system with something like "rm -rf /", they have no business being a 
system admin- period.

It all comes down to trust. You need to be able to trust your system admins. 
If you can't, your company has real problems.

Having multiple root logins is no big deal if someone isn't trying to
cover things up.  There are lots of logs that indicate which "root login"
was active at the time.  If you have someone intentionally covering things 
up, they can modify the log files too... :)

Yes, accidents happen, but a real system admin takes responsibility for
an "Oops" and fixes things. A really, really good system admin fixes things
before anybody figures out things are broken... :)

Junior system admins should not have access to critical, production servers.
They should hone their "root" skills by building servers (prior to going
production) under the mentorship of a senior admin. The next step would be
to manage non-critical servers themselves (again, under the mentorship of 
a senior admin). A responsible admin knows their limits and asks for help
if they get into a situation over their head.

My $0.02.

--- Cris

-- 
 Cristopher J. Rhea                     Mayo Foundation
 Research Computing Facility             Pavilion 2-25
 crhea@xxxxxxxx                        Rochester, MN 55905
 (507) 284-0587                        Fax: (507) 284-5231
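
Added example, not part of the original message: the thread contrasts sudo's per-user logging (user name/time/command) with shared root logins, where logs show only which "root login" was active. The sketch below parses both kinds of entry, assuming the usual sudo syslog and OpenSSH "Accepted ... for root" line formats; the host name, addresses and commands in the sample are constructed.

```python
import re

# Constructed sample auth log lines (hosts, addresses and commands are made up).
SAMPLE_LOG = """\
Mar  3 09:12:01 srv1 sshd[2101]: Accepted password for root from 10.0.0.21 port 51122 ssh2
Mar  3 09:14:37 srv1 sshd[2188]: Accepted password for root from 10.0.0.34 port 40510 ssh2
Mar  3 09:20:05 srv1 sudo:     bill : TTY=pts/2 ; PWD=/home/bill ; USER=root ; COMMAND=/sbin/service httpd restart
Mar  3 09:31:44 srv1 sudo:     john : TTY=pts/3 ; PWD=/home/john ; USER=root ; COMMAND=/bin/rm -rf /srv/data
Mar  3 09:40:10 srv1 sudo:      sam : command not allowed ; TTY=pts/4 ; PWD=/home/sam ; USER=root ; COMMAND=/bin/su -
"""

TS = r"(?P<ts>\w{3}\s+\d+ [\d:]{8})"
SUDO_RE = re.compile(TS + r" \S+ sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$")
ROOT_LOGIN_RE = re.compile(TS + r" \S+ sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)")


def attribute(log_text):
    """Return (sudo_events, root_logins) parsed from syslog-style auth lines."""
    sudo_events, root_logins = [], []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if m:
            # COMMAND= is always the last field, so split it off first; the
            # command itself may contain " ; ".
            head, _, command = m["body"].partition("COMMAND=")
            fields, status = {}, None
            for part in filter(None, (p.strip() for p in head.split(" ; "))):
                if "=" in part:
                    key, _, value = part.partition("=")
                    fields[key] = value
                else:
                    status = part  # e.g. "command not allowed"
            sudo_events.append({
                "ts": m["ts"], "user": m["user"], "run_as": fields.get("USER"),
                "command": command.strip(), "allowed": status is None,
            })
            continue
        m = ROOT_LOGIN_RE.match(line)
        if m:
            # A direct root login yields a time and source address, not a person.
            root_logins.append((m["ts"], m["src"]))
    return sudo_events, root_logins


if __name__ == "__main__":
    events, logins = attribute(SAMPLE_LOG)
    for e in events:
        verdict = "ran" if e["allowed"] else "was denied"
        print(f'{e["ts"]}  {e["user"]} {verdict} as {e["run_as"]}: {e["command"]}')
    for ts, src in logins:
        print(f"{ts}  direct root login from {src}: person not identified by the log")
```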


