Re: [Veritas-bu] Non-root administration
2008-07-02 13:49:26
On Wed, Jul 2, 2008 at 12:20 PM, Curtis Preston <cpreston AT glasshouse DOT com> wrote:
I'm afraid I'm going to have to
respectfully disagree with you, there, Ed. I trust a new backup admin in that
I trust him not to circumvent the security that I have set up. (OK, Trust but
verify.) That's not the same thing as saying "Well, he's the
backup guy, so he can easily get root if he's a black hat, so we might as
well give him root."
The backup admin is often a junior person,
and handing them the complete keys to the kingdom just because it makes his/her
job easier isn't something I'm interested in doing. Around here, we have 3 key people in charge of backups and each of us has been with the organization for over 10 years. You're probably right in that it is often a junior person, but then most organizations are often wrong - backups are such a critical part of operations that assigning them to a junior person is very shortsighted. I saw a recent presentation going over restore workflows. It should surprise you, but I'll bet it doesn't, that a very common restore workflow is to submit a request to add the client to a new backup schedule so you can restore it the next time you need to...
So what's the official non-root
admin answer for 6.5? I didn't realize the non-root-admin script was
gone.
Symantec has this whole access control/security thing (VxSS?), but every time it gets brought up on this list, people just say how much it sucks. I haven't yet read a single post from anybody who's implemented it and been satisfied with it.
It's a really tough problem...
My suggestion that you form a good partnership with your admin group still stands.
.../Ed
-- Ed Wilts, Mounds View, MN, USA RHCE, BCFP, BCSD, SCSP, SCSE
mailto:ewilts AT ewilts DOT org
If I've helped you, please make a donation to my favorite charity at http://firstgiving.com/edwilts
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|