Re: [Veritas-bu] login through veritas
2008-02-09 15:20:05
This is what I’m saying. ;)
From: Ed Wilts
[mailto:ewilts AT ewilts DOT org]
Sent: Saturday, February 09, 2008
12:04 PM
To: Curtis
Preston
Cc:
veritas-bu AT mailman.eng.auburn DOT edu
Subject: Re: [Veritas-bu] login
through veritas
On Feb 9, 2008 1:18 PM, Curtis Preston
<cpreston AT glasshouse DOT com>
wrote:
Remember: background checks on your backup admin are a good
thing
Just remember that as a backup admin, I'm also a restore admin. I
can restore your passwd and shadow files with my own, read any file on your
system and restore it to my own system, and restore garbage overwriting good
files on your system. It wouldn't take me an hour to write a script that
would render every backup client unbootable and also wipe out all of the backup
images. If you don't trust me, then we both have a problem.
Similarly, we have to trust our electricians not to fry all of our equipment
and our janitors not to see what a bottle of Coke will do to a storage array or
a tape library.
No amount of NetBackup authentication protection will help you with a
disgruntled backup/restore administrator. The rights they need to do
their jobs are precisely the same rights they can use to hurt us (not unlike
the Secret Services carrying guns while protecting our president).
.../Ed
--
Ed Wilts, Mounds View, MN, USA
mailto:ewilts AT ewilts DOT org
|
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|