[Mageia-sysadm] Usernames, uids, and groups

nicolas vigier boklm at mars-attacks.org
Wed Nov 10 17:25:41 CET 2010


On Wed, 10 Nov 2010, Buchan Milne wrote:

> On Wednesday, 10 November 2010 11:55:00 nicolas vigier wrote:
> > On Wed, 10 Nov 2010, Luca Berra wrote:
> 
> > > 2) Accountability. No idea in France, but here system administratros
> > > need to be accounted (*).
> > 
> > When someone runs "sudo su -" or something equivalent there is no
> > accountability on what he did after that.
> 
> Don't ever give blanket unaudited sudo. For editing files, provide sudoedit 
> rules. For commands that can not be specified in advance:

Hmm, I don't think we should try to restrict what admins can edit or
run, or we will spend too much time managing permissions. And I'm not
sure what we're trying to avoid here, untrusted people should not be in
sysadmin team.



More information about the Mageia-sysadm mailing list