If you tried that on production, you just broke every automated ssh attempt between systems, and now you've got to manually edit every known_hosts file to remove the old keys. Then you've got to manually add or ssh into the hosts all over again to re-establish key trust.
Well, I couldn't say that for sure, but there's more information to the story that I'm unwilling to share with the public at large that definitely points to the user in question.
You do raise a good point, though. Not all of the bad things that people in power can do are passive.
You want to backup your ipod files on a company computer? I'd rather you didn't, but we gave you a whole laptop, so knock yourself out. Don't copy that over to your home directory on the network though.
Are you kidding? Just because you're a "wage slave" doesn't mean that you should seek retribution by actions that violate the trust you've been given.
You're not justified, and comparing your position in a company to that of a slave and a master is so completely juvenile that I have to wonder how you got in that position at all.
If you don't like your position, get another one in another company. If no one will hire you, improve yourself (and practice some damned ethics by not going through other people's email) until you can get hired somewhere else.
A friend of mine, who has a mischievous bent, would always have people call me as a personal reference. Invariably, I would tell them the truth. "He's a hard worker. He'll be a credit to your team". etc, etc. At the end, when they asked if there was anything else I'd like to add, I'd always say "Yes. Like I said, if you hire him, he'll be an excellent member of your team. Just don't let him get bored".
I think you're confusing the word "curious" with the term my grandma used. "Nibshit".
It's great to be curious. Wondering how things work will definitely teach you.
Being a nibshit will only get you into things you shouldn't.
Of course, at one of my old jobs at an ISP, another admin (who was a nibshit) found a stash of kiddie porn in a users folder. I suppose it's a positive story, since the guy ended up going to jail.
Suppose you have a high level IT staff member quit.
You go through the normal password rotation, and call it a day, but they still had access to the private keys of every server. Do you generate all new keys for every server? How do you reconcile that with the authorized_keys and known_hosts files across the network? That's a large infrastructure change.
Maybe I got snooping out of my system early enough, before I was an admin. I just don't even care what my users email about. I'm too busy actually fixing things to care, unless something breaks.
Like I said, the only time I care about content is when it's taking up too much space.
I did have a user's mail break once, because she kept receiving 20MB attachments and she didn't know how to delete it. There was a hard filesize limit of 2GB in the mail software. I cared a lot about that content...enough to tell her to delete it now.
It's a damned poor state of affairs that so many people put in that situation of trust betray it.
I've been a systems admin for the better part of a decade, and the only time I've ever accessed the company's assets are when it was warranted.
The same goes for user files. I'm not going to snoop through other people's files. Really, I don't care what boring files you keep, just that they don't fill up the partition they're sitting on.
Slashdot Mirror
You may be right, but I guess it would depend on the motivation of the person doing the snooping.
These are the same parasites who have chained you to the desk, right?
Grow up and get another job.
It's not their public key I'm worried about. It's the copy they made of the servers' private keys
Down your path, madness and insanity reign.
If you tried that on production, you just broke every automated ssh attempt between systems, and now you've got to manually edit every known_hosts file to remove the old keys. Then you've got to manually add or ssh into the hosts all over again to re-establish key trust.
Well, I couldn't say that for sure, but there's more information to the story that I'm unwilling to share with the public at large that definitely points to the user in question.
You do raise a good point, though. Not all of the bad things that people in power can do are passive.
Meh, if he's unprofessional enough to snoop, he's probably unprofessional enough to lie about it, too
Precisely.
You want to backup your ipod files on a company computer? I'd rather you didn't, but we gave you a whole laptop, so knock yourself out. Don't copy that over to your home directory on the network though.
That kind of thing makes me mad, too
I agreed up to the "beyond reproach".
Oversight should be available if necessary and warranted.
why wouldn't I read it?
Are you kidding? Just because you're a "wage slave" doesn't mean that you should seek retribution by actions that violate the trust you've been given.
You're not justified, and comparing your position in a company to that of a slave and a master is so completely juvenile that I have to wonder how you got in that position at all.
If you don't like your position, get another one in another company. If no one will hire you, improve yourself (and practice some damned ethics by not going through other people's email) until you can get hired somewhere else.
Eh, I don't even look in home directories unless there's an issue.
/home
The closest I come to general surveillance is
cd
du -m -s | sort -g
You make a decent point.
A friend of mine, who has a mischievous bent, would always have people call me as a personal reference. Invariably, I would tell them the truth. "He's a hard worker. He'll be a credit to your team". etc, etc. At the end, when they asked if there was anything else I'd like to add, I'd always say "Yes. Like I said, if you hire him, he'll be an excellent member of your team. Just don't let him get bored".
Your post should be in big, giant letters, and everyone in this thread should read it.
If you were an administrator, you wouldn't have been snooping. You would have been pen-testing the internal network.
That's not only allowed, that's encouraged.
Right! And once you've broken the rules by snooping into those things, it's only a small slip down the slope to editing them for fun and profit.
If you've got root on a machine, you can absolutely copy the private key from that machine.
If you then apply that private key to another machine properly, you can authenticate as that machine.
The everlasting gobstopper approach...I like it!
Or get your files deleted...
There seems to be a lot more cheating going on and as a result not much character building
Exactly. The 'if they don't catch me then I'm allowed' mindset is definitely the wrong mindset to have.
Agreed.
/it's cool, I'm supposed to be on Slashdot
If you've got time to snoop, you're not doing it right.
I wish I had time to keep even with the stuff I was supposed to be doing.
I think you're confusing the word "curious" with the term my grandma used. "Nibshit".
It's great to be curious. Wondering how things work will definitely teach you.
Being a nibshit will only get you into things you shouldn't.
Of course, at one of my old jobs at an ISP, another admin (who was a nibshit) found a stash of kiddie porn in a users folder. I suppose it's a positive story, since the guy ended up going to jail.
it's nice to develop a bit of indifference
Exactly.
Ah, apathy. The cause of, and solution to, life's problems
Which really brings up another question to me.
Suppose you have a high level IT staff member quit.
You go through the normal password rotation, and call it a day, but they still had access to the private keys of every server. Do you generate all new keys for every server? How do you reconcile that with the authorized_keys and known_hosts files across the network? That's a large infrastructure change.
Are there SSH key servers that allow this?
I've got my users scared :-D
They call me before they write so much as a shell script.
This has good and bad points.
Maybe I got snooping out of my system early enough, before I was an admin. I just don't even care what my users email about. I'm too busy actually fixing things to care, unless something breaks.
Like I said, the only time I care about content is when it's taking up too much space.
I did have a user's mail break once, because she kept receiving 20MB attachments and she didn't know how to delete it. There was a hard filesize limit of 2GB in the mail software. I cared a lot about that content...enough to tell her to delete it now.
It's a damned poor state of affairs that so many people put in that situation of trust betray it.
I've been a systems admin for the better part of a decade, and the only time I've ever accessed the company's assets are when it was warranted.
The same goes for user files. I'm not going to snoop through other people's files. Really, I don't care what boring files you keep, just that they don't fill up the partition they're sitting on.
Do that, and suffer my wrath.