Re: [Veritas-bu] Non-root administration
2008-07-02 14:16:23
Well – I’ll agree with Curtis.
In large organizations unfortunately the
backup tool isn’t the only one that will let you back door into
root. However, one has to have policies in place that make it clear that
administrators of these tools (if they are not also the System Admins) aren’t
allowed to do things outside the scope of the tool.
Handing people direct root login implies
they have equal rights to a system as the SAs and my experience at my current
job has driven home what horrible can of worms that assumption is and how hard
it is to overcome it.
Making folks request sudo access to
various commands makes it clear they are being given limited access and more
difficult for them to say “I didn’t know that wasn’t allowed”
after they do something untoward.
It won’t get rid of malicious intent
but it does help to tamp down on “experimentation” without change
control.
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Ed Wilts
Sent: Wednesday, July 02, 2008
1:30 PM
To: Curtis Preston
Cc: Esson, Paul;
veritas-bu AT mailman.eng.auburn DOT edu
Subject: Re: [Veritas-bu] Non-root
administration
On Wed, Jul 2, 2008 at 12:20 PM, Curtis Preston <cpreston AT glasshouse DOT com> wrote:
I'm afraid I'm going to have to respectfully disagree with
you, there, Ed. I trust a new backup admin in that I trust him not to
circumvent the security that I have set up. (OK, Trust but verify.)
That's not the same thing as saying "Well, he's the backup guy, so he can
easily get root if he's a black hat, so we might as well give him root."
The backup admin is often a junior person, and handing them
the complete keys to the kingdom just because it makes his/her job easier isn't
something I'm interested in doing.
Around here, we have 3 key people in charge of backups and each of us has been
with the organization for over 10 years. You're probably right in that it
is often a junior person, but then most organizations are often wrong - backups
are such a critical part of operations that assigning them to a junior person
is very shortsighted. I saw a recent presentation going over restore
workflows. It should surprise you, but I'll bet it doesn't, that a very
common restore workflow is to submit a request to add the client to a new
backup schedule so you can restore it the next time you need to...
So what's the official non-root admin answer for 6.5? I
didn't realize the non-root-admin script was gone.
Symantec has this whole access control/security thing (VxSS?), but
every time it gets brought up on this list, people just say how much it
sucks. I haven't yet read a single post from anybody who's implemented it
and been satisfied with it.
It's a really tough problem...
My suggestion that you form a good partnership with your admin group still
stands.
.../Ed
--
Ed Wilts, Mounds View, MN, USA
RHCE, BCFP, BCSD, SCSP, SCSE
mailto:ewilts AT ewilts DOT org
If I've helped you, please make a donation to my favorite charity at http://firstgiving.com/edwilts
---------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ----------------------------------
|
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|