Slashdot Mirror


How Would You Distribute Root Access?

dhanks asks: "I'm one of 10 administrators in our group. We're equally responsible for about 300 UNIX servers. We're having problems keeping track of all the root passwords and some of the administrators have taken it upon themselves to implement different security standards. (sudo with silly !SHELLS restrictions) How do other companies and system administrators handle the distribution of root access? I've been charged with coming up with a security policy and I would like to receive some feedback. I'm currently thinking of personal root accounts that would be locked via the /etc/passwd and would only be accessible via 'sudo su - adm_userid' that way each administrator may have full root access only using his regular user password instead of having to keep track of root passwords." While this is similar to an earlier question, this question deals with ensuring authorized administrators have the access they need. How would you distribute root over hundreds of Unix machines to the administrators that need it?

4 of 148 comments

  1. Public Keys, ACLs, and sudo by imsmith · · Score: 4, Insightful

    With that many systems, the only rational access control seems to be using public keys and SSH agent to deal with the logon issue. Once in the system, the only way to keep track of so many cooks in the kitchen is to have sudo running and logging sysadmin actions. Finally, if there are specific files or groups of files that need special attention, I'd probably use ACLs to control access. Another thing that seems like a pain in the ass until it saves you is RCS. Especially with so many admins, being able to roll back a config change quickly is a lifesaver.

  2. What about key-based SSH authentication? by DocSnyder · · Score: 5, Insightful
    Every admin can generate his SSH key pair and have the public key appended to /root/.ssh/authorized_keys. Maybe the private keys could be stored on a USB stick or a chip card for better security. They should be protected by key-specific passwords, too.

    So nobody would get in touch with actual root passwords, which can be stored at a safe place.

  3. Re:dealing with this as well... by Brandybuck · · Score: 4, Insightful

    Give _everyone_ root access.

    What! You've got to be kidding me! Unless you're also requiring them to also fully administer their machines, this is one of the lamest ideas I've seen in months.

    Just because they're developers doesn't mean they're smart, competent or even computer savvy. It certainly doesn't mean that they're trustworthy.

    --
    Don't blame me, I didn't vote for either of them!
  4. Re:Sudo and CVS by Elwood P Dowd · · Score: 4, Insightful
    Ok, ok. You convinced me. A workaround is needed:
    sudo wget http://ftp.gnu.org/gnu/bash/bash-2.05b.tar.gz
    sudo tar zxf bash-2.05b.tar.gz
    cd bash-2.05b
    sudo configure;make;./bash
    Here's a hint: If you are a trusted user, then you can create a process that will do all the things you desire without logging. You could patch the OS and log system calls, but they could patch the OS and fix your logs.

    If you do not trust a user, then do not make them a trusted user. Leastaways don't make them a trusted user on the machine that is supposedly logging their actions.
    --

    There are no trails. There are no trees out here.
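
An added example, not part of the original thread: a small Python check that classifies sudoers rules and flags the `ALL, !SHELLS` deny-list pattern the question mentions, which the last comment shows is not a real boundary. The sudoers content, the group and user names, and the `audit` helper are constructed for illustration; only plain user specifications are handled (no `#include` lines or `#uid` entries).

```python
import re

# Constructed sample sudoers content (not taken from any real system).
SAMPLE = """\
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /bin/csh, \\
                    /bin/ksh
Cmnd_Alias WEB = /usr/sbin/apachectl, /usr/bin/systemctl restart httpd
# deny-list rule: everything except the listed shells
%admins ALL = (ALL) ALL, !SHELLS
%webops ALL = (root) NOPASSWD: WEB
alice   ALL = (ALL) ALL
"""

def logical_lines(text):
    """Join backslash continuations, drop comments and blank lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return one (who, kind, detail) finding per user specification."""
    findings = []
    for line in logical_lines(text):
        # Alias definitions and Defaults lines grant nothing by themselves.
        if re.match(r"(Cmnd|User|Host|Runas)_Alias\b|Defaults", line):
            continue
        who, _, rhs = line.partition("=")
        who = who.split()[0]
        rhs = re.sub(r"\([^)]*\)", "", rhs)   # drop the Runas spec
        rhs = re.sub(r"\b[A-Z]+:", "", rhs)   # drop tags such as NOPASSWD:
        cmds = [c.strip() for c in rhs.split(",") if c.strip()]
        negated = [c for c in cmds if c.startswith("!")]
        if "ALL" in cmds and negated:
            # ALL plus exclusions: any binary outside the list still runs as root.
            findings.append((who, "denylist", ", ".join(negated)))
        elif "ALL" in cmds:
            findings.append((who, "full-root", "ALL"))
        else:
            findings.append((who, "allowlist", ", ".join(cmds)))
    return findings

if __name__ == "__main__":
    for who, kind, detail in audit(SAMPLE):
        print(f"{who:10} {kind:10} {detail}")
```

Rules reported as `denylist` are best treated as `full-root` when deciding who is a trusted user; only `allowlist` rules actually narrow what an account can run.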