[Mageia-sysadm] Usernames, uids, and groups

nicolas vigier boklm at mars-attacks.org
Wed Nov 10 11:55:00 CET 2010


On Wed, 10 Nov 2010, Luca Berra wrote:

> On Wed, Nov 10, 2010 at 01:01:21AM +0100, nicolas vigier wrote:
>> On Tue, 09 Nov 2010, Buchan Milne wrote:
>>> On Monday, 8 November 2010 17:29:24 nicolas vigier wrote:
>>> > On some machines like the svn server, we need to use pam_ldap to allow
>>> > users access with their ldap accounts. But on other servers like
>>> > alamut (web services), or the build nodes, normal users have no reason
>>> > to login.
>>>
>>> But, sysadm members have a reason, and I see no reason to increase their 
>>> overhead with local accounts.
>>
>> Maybe not on alamut, but on build nodes, I don't think user accounts for
>> sysadmins will be very useful. The only reason to login to those nodes
>> will be to check/fix iurt problems, which requires root permissions.
> I have a couple of doubts with this
> 1) root password handling: if you plan to use root account to logon to
> build nodes you have to manage communicating the password securely to
> all people who would need that.

We don't use a password, we use ssh keys added to the root account by
puppet.

> 2) Accountability. No idea in France, but here system administrators
> need to be accounted (*).

When someone runs "sudo su -" or something equivalent there is no
accountability on what he did after that.


