[Mageia-sysadm] Usernames, uids, and groups
Luca Berra
bluca at vodka.it
Wed Nov 10 17:57:36 CET 2010
On Wed, Nov 10, 2010 at 01:27:00PM +0100, Buchan Milne wrote:
>On Wednesday, 10 November 2010 11:55:00 nicolas vigier wrote:
>> On Wed, 10 Nov 2010, Luca Berra wrote:
>
>> > 2) Accountability. No idea in France, but here system administratros
>> > need to be accounted (*).
>>
>> When someone runs "sudo su -" or something equivalent there is no
>> accountability on what he did after that.
sure, except the fact itself :P
>Don't ever give blanket unaudited sudo. For editing files, provide sudoedit
>rules. For commands that can not be specified in advance:
note that current sudo has a bug regarding wildcards,
http://www.gratisoft.us/bugs/show_bug.cgi?id=449
>(this one requires a bit of setup, but is superior)
># urpmi eash
>
>or consider sudosh (but, it only logs locally, so I didn't package it).
newer sudo implement the logging functionality, so sudosh is no longer
needed
as for the local log only with sudosh i had implemented by making it log
on an nfs share (with root_squash), thus preventing admins on nfs client
to muck with the logs.
i will look at EAS tough, seems interesting.
--
Luca Berra -- bluca at vodka.it
More information about the Mageia-sysadm
mailing list