Handing Over Root Passwords to Clients and Contractors?
waa asks: "I have a client whose system I remotely administer. This particular machine has been up performing its various duties 'problem-free' for 4 months (since last kernel patch/fix). The client has, on-site, a consultant who pretends to know things he certainly does not know; Linux systems administration for one, and they now have requested the root password. Since it is their system, I'd imagine they have every right to the root account, however I know for sure that as soon as this is handed over, things will start to mysteriously malfunction, and I will get an emergency call to get them back in service (or worse, I will be blamed; i.e., back-stabbed). I'd rather not have to troubleshoot and fix a completely preventable, and possibly complex problem. What are people's experiences regarding this situation? How have you handled it? Is some form of 'release from responsibility' contract in order? I need some advice soon."
In situations like this, communication with the client is important. If you ever run into a situation like this, talking to the client and informing them of the potential problems is always a good idea. If any problems happen afterward, start documenting them, and pass them back to the actual client if things start to become a problem. Anyone else care to weigh in?
Express your concern about stability to your client. Find out from your client what they want to use the password for. Explain the difference between routine administration (e.g. adding users) and server maintenance (e.g. kernel patches) and suggest that you set up pseudo root access for routine tasks and then back up the files the pseudo account can change.
It is not uncommon to provide clients with a 'root' account that lets them configure the services they use (e.g. POP3, Samba) without giving full access to things like 'make'. Understanding how to do this is left as an exercise for the reader.
Some people have a way with words, and some people, um, thingy.
The system belongs to the customer. It's just root. Give it to them. If it breaks, you fix it. If they break it, you fix it. That's what you get paid for.
How many people do stupid things to their cars? Have you ever heard a mechanic consider not giving a customer his keys after a repair has been made? Of course not. The mechanic would go out of business. Your job is to fix computers. Do it.
To protect your reputation, however, make sure there are no direct root logons. By making folks log on as themselves first then su'ing to root, you know whose pecker tracks are all over the issue.
InitZero
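The attribution idea in the comment above (named logins first, then su to root) only helps if someone reads the logs. The following is an added example, not part of the original thread: it assumes the common sshd and pam_unix syslog line formats, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines (hypothetical hosts and users, documentation IP range).
SAMPLE_LOG = """\
Mar  3 09:12:01 host1 sshd[2211]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
Mar  3 09:12:40 host1 su: pam_unix(su:session): session opened for user root by alice(uid=1000)
Mar  3 11:05:17 host1 sshd[2290]: Accepted publickey for root from 192.0.2.44 port 40110 ssh2
Mar  3 14:30:02 host1 su[2301]: pam_unix(su-l:session): session opened for user root(uid=0) by consultant(uid=1003)
Mar  3 14:31:55 host1 su: pam_unix(su:auth): authentication failure; logname=bob uid=1002 euid=0 tty=pts/2 ruser=bob rhost=  user=root
"""

# Successful su to root; covers both "root by x(uid=N)" and "root(uid=0) by x(uid=N)".
SU_OPEN = re.compile(
    r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): "
    r"session opened for user root(?:\(uid=0\))? by (\S*?)\(uid=(\d+)\)")
# Failed su to root; ruser is the account that attempted it.
SU_FAIL = re.compile(
    r"pam_unix\(su(?:-l)?:auth\): authentication failure;.*\bruser=(\S*).*\buser=root\b")
# Direct root login over SSH: the unattributable case the comment warns about.
SSH_ROOT = re.compile(r"sshd\[\d+\]: Accepted (\S+) for root from (\S+)")

def audit(log_text):
    """Return who became root via su, who failed to, and any direct root logins."""
    su_ok, su_fail, direct = defaultdict(int), defaultdict(int), []
    for line in log_text.splitlines():
        if m := SU_OPEN.search(line):
            # PAM logs an empty name when the login name is unknown; fall back to the uid.
            su_ok[m.group(1) or f"uid={m.group(2)}"] += 1
        elif m := SU_FAIL.search(line):
            su_fail[m.group(1) or "unknown"] += 1
        elif m := SSH_ROOT.search(line):
            direct.append((m.group(1), m.group(2)))  # (auth method, source address)
    return {"su_to_root": dict(su_ok), "failed_su": dict(su_fail), "direct_root": direct}

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for user, n in report["su_to_root"].items():
        print(f"su to root: {user} x{n}")
    for user, n in report["failed_su"].items():
        print(f"failed su to root: {user} x{n}")
    for method, src in report["direct_root"]:
        print(f"DIRECT root login via {method} from {src} (no named user)")
```

Any entry under `direct_root` is a session that cannot be tied to a person, which is the case the comment says to eliminate.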