[Mageia-sysadm] Usernames, uids, and groups

Buchan Milne bgmilne at multilinks.com
Wed Nov 10 13:27:00 CET 2010

On Wednesday, 10 November 2010 11:55:00 nicolas vigier wrote:
> On Wed, 10 Nov 2010, Luca Berra wrote:

> > 2) Accountability. No idea in France, but here system administratros
> > need to be accounted (*).
> When someone runs "sudo su -" or something equivalent there is no
> accountability on what he did after that.

Don't ever give blanket unaudited sudo. For editing files, provide sudoedit 
rules. For commands that can not be specified in advance:

(this one requires a bit of setup, but is superior)
# urpmi eash

or consider sudosh (but, it only logs locally, so I didn't package it).


More information about the Mageia-sysadm mailing list