[Mageia-sysadm] Usernames, uids, and groups

Luca Berra bluca at vodka.it
Wed Nov 10 07:56:58 CET 2010


On Wed, Nov 10, 2010 at 01:01:21AM +0100, nicolas vigier wrote:
>On Tue, 09 Nov 2010, Buchan Milne wrote:
>> On Monday, 8 November 2010 17:29:24 nicolas vigier wrote:
>> > On some machines like the svn server, we need to use pam_ldap to allow
>> > users access with their ldap accounts. But on other servers like
>> > alamut (web services), or the build nodes, normal users have no reason
>> > to login.
>> 
>> But, sysadm members have a reason, and I see no reason to increase their 
>> overhead with local accounts.
>
>Maybe not on alamut, but on build nodes, I don't think user accounts for
>sysadmins will be very useful. The only reason to login to those nodes
>will be to check/fix iurt problems, which requires root permissions.
I have a couple of doubts with this:
1) Root password handling: if you plan to use the root account to log on to
build nodes you have to manage communicating the password securely to
all people who would need that.
2) Accountability. No idea in France, but here system administrators
need to be accounted (*).

For the above reasons I believe it would be better if sysadm use their
own account to log on and sudo to do maintenance tasks.

(*) Actually this is not strictly true. It depends on which kind of
data they handle, but 99% of companies prefer going the stricter way.

L.

-- 
Luca Berra -- bluca at vodka.it

