[Mageia-sysadm] Usernames, uids, and groups
Buchan Milne
bgmilne at multilinks.com
Wed Nov 10 13:27:00 CET 2010
On Wednesday, 10 November 2010 11:55:00 nicolas vigier wrote:
> On Wed, 10 Nov 2010, Luca Berra wrote:
> > 2) Accountability. No idea in France, but here system administratros
> > need to be accounted (*).
>
> When someone runs "sudo su -" or something equivalent there is no
> accountability on what he did after that.
Don't ever give blanket unaudited sudo. For editing files, provide sudoedit
rules. For commands that can not be specified in advance:
(this one requires a bit of setup, but is superior)
# urpmi eash
or consider sudosh (but, it only logs locally, so I didn't package it).
Regards,
Buchan
More information about the Mageia-sysadm
mailing list