[Mageia-sysadm] Usernames, uids, and groups
Luca Berra
bluca at vodka.it
Wed Nov 10 18:46:05 CET 2010
On Wed, Nov 10, 2010 at 06:11:21PM +0100, nicolas vigier wrote:
>On Wed, 10 Nov 2010, Luca Berra wrote:
>
>> On Wed, Nov 10, 2010 at 01:27:00PM +0100, Buchan Milne wrote:
>>> On Wednesday, 10 November 2010 11:55:00 nicolas vigier wrote:
>>>> On Wed, 10 Nov 2010, Luca Berra wrote:
>>>
>>>> > 2) Accountability. No idea in France, but here system administratros
>>>> > need to be accounted (*).
>>>>
>>>> When someone runs "sudo su -" or something equivalent there is no
>>>> accountability on what he did after that.
>> sure, except the fact itself :P
>
>You could hide it easily. Edit a script called "backup.sh" containing
>"exec bash" and run it with sudo.
Agreed,
there are many ways an admin can cover its tracks.
The best you can do with current unix semantics is maintain a record
somewhere that user x did administrative tasks on server y at a
specified time, I don't know if any of this is actually required by
mageia, and if i am just chasing ghosts.
L.
--
Luca Berra -- bluca at vodka.it
More information about the Mageia-sysadm
mailing list