[Veritas-bu] login as unix user

2006-01-26 09:47:00
Subject: [Veritas-bu] login as unix user
From: ewilts AT ewilts DOT org (Ed Wilts)
Date: Thu, 26 Jan 2006 08:47:00 -0600
On Thu, Jan 26, 2006 at 08:46:10AM -0500, Jeff Lightner wrote:
> Sudo is a great idea for using utilities but any Unix Admin worth
> his/her salt isn't going to give you a root shell via sudo - it defeats
> the whole point of not giving out the root account in the first place.
> The audit objections to having root is not the specific account but the
> total power over the system it confers and giving you a root shell via
> sudo would allow that same power.  Sudo should be used only to give you
> access to specific commands.
> 
> If auditors at your company missed this then you lucked out but should
> probably suggest to your management that they hire a new auditing
> company next time because only God knows what else they missed.   At a
> prior job I did give access to multiple accounts via sudo but you can be
> sure none of them were root level.

We *know* what giving out a root shell entails.  The people that have
been granted this privilege have earned this level of trust.

As I said though, if you have access to NetBackup commands - like backup
and restore - the system is yours, no matter what anybody else does.
You have "the total power over the system".  Nothing stops you from
restoring a passwd file or a new sudoers file.  Sure, it's harder, but
the system is yours nevertheless.   Similarly, we have physical access
to all of the servers that we manage anyway so those systems are "ours"
too, even though we're not the admins.  

All of our NetBackup admins previously admin'ed other production-
critical systems, and some (including me) still do.  I have primary
administration responsibilities for a VMS cluster and a bunch of Linux
systems, plus the company's DNS (both internal and external) and DHCP
infrastructure.  If the company couldn't trust me with root access to
the master server, I wouldn't be here.

        .../Ed

-- 
Ed Wilts, Mounds View, MN, USA
mailto:ewilts AT ewilts DOT org
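Both sides of this exchange agree on one thing: a sudo rule is only as narrow as the commands it grants, and some commands (a shell, su, or a backup/restore tool that can rewrite /etc/passwd or /etc/sudoers) are root by another name. The following is an added example, not code from the thread or from Veritas; it audits a simplified sudoers file for rules that grant ALL, an interactive shell, or a caller-supplied list of root-equivalent tools. The sudoers text is constructed, the simplified grammar (user host=(runas) [TAG:] cmd, cmd) is an assumption, and the NetBackup binary paths under /usr/openv are assumed examples of root-equivalent commands as Ed describes them, not a statement about any real installation.

```python
"""Flag sudoers rules that confer root-equivalent power.

Added example, not part of the mailing-list thread. Parses a simplified
sudoers syntax (user host=(runas) [TAG:] cmd1, cmd2) and reports rules that
  * grant ALL commands as root,
  * grant an interactive shell or su (a root shell via sudo), or
  * grant a command on a caller-supplied root-equivalent list.
All sample data below is constructed for this example.
"""
import re
from dataclasses import dataclass

# Binaries that amount to handing out a root shell (assumed common paths).
SHELLS = {"/bin/sh", "/bin/bash", "/bin/ksh", "/bin/csh",
          "/usr/bin/su", "/bin/su"}

# Assumed paths: restore can rewrite passwd/sudoers, backup can read shadow.
ROOT_EQUIVALENT = {
    "/usr/openv/netbackup/bin/bprestore",
    "/usr/openv/netbackup/bin/bpbackup",
}

# user host=(runas) commands   -- the optional (runas) defaults to root.
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)

# Constructed sudoers fragment, not from any real host.
SAMPLE_SUDOERS = """
# constructed sample
Defaults    requiretty
ops     ALL=(root) /usr/bin/systemctl restart httpd
jeff    ALL=(root) NOPASSWD: /bin/bash
ed      ALL=(ALL) ALL
backup  ALL=(root) /usr/openv/netbackup/bin/bprestore, /usr/openv/netbackup/bin/bpbackup
dba     ALL=(oracle) ALL
"""


@dataclass
class Finding:
    user: str
    command: str
    reason: str


def parse_rule(line):
    """Return (user, host, runas, [commands]) or None if not a user rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    cmds = []
    for cmd in m.group("cmds").split(","):
        # Drop tag prefixes such as NOPASSWD: or SETENV: before the command.
        cmds.append(re.sub(r"^(?:[A-Z]+:\s*)+", "", cmd.strip()))
    return m.group("user"), m.group("host"), m.group("runas") or "root", cmds


def runs_as_root(runas):
    """True when the rule can execute as root (explicitly, or via ALL)."""
    targets = [r.strip() for r in runas.split(",")]
    return "ALL" in targets or "root" in targets


def audit_sudoers(text, root_equivalent=frozenset()):
    """Return Findings for rules that hand out root-level power."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(
            ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")
        ):
            continue
        parsed = parse_rule(line)
        if parsed is None:
            continue
        user, _host, runas, cmds = parsed
        if not runs_as_root(runas):
            continue  # e.g. (oracle) ALL is broad but not root
        for cmd in cmds:
            binary = cmd.split()[0]
            if binary == "ALL":
                findings.append(Finding(user, cmd, "ALL grants every command as root"))
            elif binary in SHELLS:
                findings.append(Finding(user, cmd, "interactive shell or su is a root shell via sudo"))
            elif binary in root_equivalent:
                findings.append(Finding(user, cmd, "can read or rewrite passwd/shadow/sudoers"))
    return findings


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS, ROOT_EQUIVALENT):
        print(f"{f.user:8} {f.command:50} {f.reason}")
```

Run against the constructed sample it reports jeff (shell), ed (ALL as root) and both NetBackup commands for backup, while leaving the ops service-restart rule and the dba rule (ALL, but only as oracle) alone. Extending ROOT_EQUIVALENT with any other tool that can read or write arbitrary files is how you encode Ed's point that the restore operator already owns the box.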