How Do You Protect Servers From a Rogue Admin?
Treborto writes "I work with a non-profit that has an extensive collection of photos and videos. These are used in publications and on the web. We have several levels of privileges: read-only of small, watermarked images; read-only of large, clean images; edit of the site; and admins who can confer privileges. It has happened that people leave the organization in anger. So far, no Admin has done so. Is there a back-up, site mirroring, privilege, or other strategy you'd recommend so we have protection from an Admin gone bad?"
Rogue admins are extremely rare. So rare that there are many other more likely threats you will encounter, such as hackers or a data breach. Worry about those first.
The reality is that most people work in a spirit of cooperation and don't want the black mark on their reputation. They would rather walk away without burning bridges.
That being said, bad admins (and employees in general) spring from two causes: bad treatment and pre-existing jerks.
The best way to handle both situations is to talk to your employees regularly, and find out how they feel. If you know that some policy or other is bothering them, you can avert a crisis very easily if you know about it beforehand.
Some people are just jerks. Don't let these people continue in your organization, even if they are brilliant and highly capable, and even if you don't have an equally brilliant replacement. A mediocre replacement who can work well with others will be much more productive.
(Often said: About 15% of your productivity comes from innate ability, 85% from working with others.)
That having been said, if you're really worried about someone doing you in, make sure you have regular backups and that you personally have access to the backup system. Reformatting a disk and copying data is easy - position yourself so that you can recover completely from the maximum damage they can do.
How do you protect servers from rogue admins? The same way you protect passenger jets from rogue pilots, the same way you protect ships from rogue captains, the same way you protect buses from rogue drivers, the same way you protect trains from rogue engineers and even the same way you protect patients from rogue doctors. You don't; any protection you put in place to protect a server from a rogue administrator will be broken by that rogue administrator if they are in any way competent. I suppose you could always seek to hire the most incompetent admin you can find, a person who lacks the expertise to break the servers, but somehow that seems rather pointless. So how do you protect your servers from rogue admins? Don't hire them in the first place. Consider a full psych evaluation (stay away from the anal types), pay a good salary, and make them part of the executive team.
Chaos - everything, everywhere, everywhen
Again, it's not on topic. The "piece of shit" almost surely would ignore or punish such advice.
And it's worth noting that people can get angry for reasons that don't have anything to do with the job. I don't care how wonderful the work environment is. Someone having trouble with life and a bit of mental illness can get angry anyway.
No matter what solutions you use for backups, the admin will be able to corrupt or bypass them in some way given enough thought and motivation.
However, for sane though disgruntled people it would be sufficient for them to have the common sense understanding that malicious actions will have strict consequences - people generally don't risk going to jail just to annoy a manager or company. And in the cases where someone would really be prepared to risk that, I'd rather worry about them coming to office with a gun, not tampering with a pile of pictures.
What was the aftermath of the previous cases you say of people leaving in anger and presumably doing something damaging? Your previous reaction in these cases forms the expectations in your admins about what they can get away with when leaving in anger.
Even better, set both your system and sudo so that nothing ever goes root... Using system user accounts instead of root means that even if someone goes berserk, he won't have full access on the system; and restrict sudo to only run some commands as other users, instead of using ALL everywhere...
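An added example, not part of the comment above or of any poster's code: a small auditor that flags sudoers rules granting root or `ALL`, run over a constructed sample that puts blanket grants beside rules restricted to named commands under a service account. The user names, host name and commands are invented, and the parser is a simplification that handles only single-line user specifications (no aliases, no line continuations).

```python
import re

# Constructed sample sudoers content (not from the page): two blanket grants
# followed by two rules restricted to named commands.
SAMPLE_SUDOERS = """\
# blanket grants
alice   ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
# restricted: named commands, run as a service account
bob     web01=(www-data) /usr/bin/systemctl reload nginx, /usr/bin/rsync
carol   ALL=/usr/sbin/service apache2 restart
Defaults env_reset
"""

# who hosts = (runas_user[:runas_group]) [TAG:] command[, command...]
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # strips NOPASSWD:, SETENV:, ...


def audit(text):
    """Return (line_no, who, reasons) for each rule that reaches root or ALL."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments, Defaults entries and alias definitions.
        if (not line or line.startswith(("#", "Defaults"))
                or "_Alias" in line.split()[0]):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        # With no Runas_Spec, sudo runs the command as root.
        runas = m["runas"] if m["runas"] is not None else "root"
        targets = {u.strip() for u in runas.split(":")[0].split(",")}
        cmds = [TAG.sub("", c.strip()) for c in m["cmds"].split(",")]
        reasons = []
        if targets & {"ALL", "root"}:
            reasons.append("can run as root")
        if "ALL" in cmds:
            reasons.append("any command")
        if reasons:
            findings.append((n, m["who"], reasons))
    return findings


if __name__ == "__main__":
    for line_no, who, reasons in audit(SAMPLE_SUDOERS):
        print(f"line {line_no}: {who}: {', '.join(reasons)}")
```

Only the `bob` rule passes cleanly; `carol` names a single command but, lacking a run-as user, still executes it as root.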
And again, the grandfather comment is perfectly apropos to the topic. The issue being submitted has much in common with other managerial issues. When a manager or executive places a person in a position of power, the reason is because that person is considered to be competent to administer that power, as well as accomplish tasks that the managerial person is not disposed or competent to do.
In every case, the manager or executive accepts the risk of employing said person, and should be accountable to managing that person in a considerate and appropriate manner.
If said person "goes out with a bang", it is often the result of poor management and communication to begin with. What makes you or anyone else think that unhinging the powers designated that employee would be adequate compensation for such a diverse problem? Furthermore, if this person has the powers you've provided them, it wouldn't take much for them to circumvent a manager's or executive's safeguards against their own plot.
The best one can do is to employ several persons with the same powers, and hope that they work in a check and balance model. But the risk still remains. One could use the strategy that seems to work for the process of launching a nuclear attack, but the subjected admin(s) will hate management for that, and thus will be born the seed of the very problem that is presented.
Ultimate control is impossible. Stop being a pussy, and take some goddamn risks. Oh yeah, and talk respectfully to your employees - that helps too.