Slashdot Mirror


How Do You Protect Servers From a Rogue Admin?

Treborto writes "I work with a non-profit that has an extensive collection of photos and videos. These are used in publications and on the web. We have several levels of privileges: read-only of small, watermarked images; read-only of large, clean images; edit of the site; and admins who can confer privileges. It has happened that people leave the organization in anger. So far, no Admin has done so. Is there a back-up, site mirroring, privilege, or other strategy you'd recommend so we have protection from an Admin gone bad?"

4 of 219 comments

  1. You have to trust someone by HangingChad · Score: 4, Interesting

    And usually that's the admins. Most admins gone bad would be smart enough to bone the backups if they were going to do deliberate damage. The best way to protect yourself is an off-site DVD backup, but that's a lot of work to keep current.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  2. Re:What's the real problem? by Antique Geekmeister · Score: 5, Interesting

    Those problems may be why the non-profit _exists_. People passionately involved in political or social issues are often _very_ political and social. Excited, eager volunteers can far too easily become disillusioned and angry: this certainly happens in the open source community all the time. After all, OpenBSD was created when Theo de Raadt had issues with the rest of the NetBSD development group. You can try to weed out all dangerous emotional issues from your agenda, you can try to filter out over-passionate members, but then you lose the very ability to create or to change the world that non-profits are created for.

    With that in mind, the admins can also be passionate about issues and often are. Often underpaid and administered by people confused about technology, keeping things working with limited non-profit budgets is an artform, and I applaud and learn fascinating tricks from such personnel, and try to share knowledge with them to both of our advantages. In this case, the knowledge is about protocols for password management, protecting email backups, arranging reliable and recoverable and _thorough_ offsite backups and restoration procedures, and how to detect malicious behavior early.

    Giving good advice requires some background of the operating systems and amount of data involved. Are there databases involved? Personal information such as credit cards and home addresses? Email from the board of directors? Is it on an Exchange mail server, or GMail services? The details matter a lot.

  3. Don't Trust The Bosses by Kenshin · Score: 3, Interesting

    At a small company I used to work for ("used to" being the key phrase here), the bosses, who both insisted on full admin rights, had a bit of a difference with each other. One of the bosses came in one Saturday night, killed the backup (they never took my advice of having multiple backups, including one off-site), and ran off with the server.

    I tried recovering the backup, but he did a remarkable job in killing it.

    The company didn't exist for more than a week after that.

    --

    Does it make you happy you're so strange?

  4. Re:What's the real problem? by omglolbah · Score: 2, Interesting

    While I don't fully agree with those claiming this is completely "off topic", it doesn't really answer the question at all.

    The issue might be that the admins work in an organization with shitty leadership but that is not really something an admin can reasonably be expected to 'fix'.

    What can be done though is to set up systems that mitigate the risk and damage of someone going batty. That is the question presented, not how to fix bad management!