root users

Guy Fraser guy at incentre.net
Tue Apr 20 20:45:20 UTC 2004


Somebody Wrote :-)

>>Here is a situation where this does not make sense, and the use of sudo 
>>does make sense
>>
>>1. Multiple users with root authority.
>>    john,     bill,  and   sam
>>
>>one of these 3 happens to get mad/upset/frustrated/careless
>>This user (let's say john) logs in and runs some commands that are very 
>>destructive to the system
>>       (have you ever heard of "rm -rf /" being run????)
>>All three users actions are recorded as being done by root, thus no way 
>>to track who did what or when.
>>The analysis of the problem shows that "root" did some 
>>dumb/careless/harmful things to the system.
>>
>>Who is responsible?????       Answer: one of the above
>>
>>2. One closely guarded root account with multiple users allowed the same 
>>access with sudo.
>>    again,   users john, bill, and sam (but none of these users know the 
>>root password)
>>
>>The same user decides to do the dirty deed he did in the above scenario.
>>Sudo actions are logged by user name, the user only has limited 
>>privileges when not using sudo.
>>John now uses sudo to do his dirty work, and it is logged by user 
>>name/time/command
>>Analysis shows john did the nasty deed.
>>
>>Who is responsible?????    Answer:  john.
>>    
>>
Unless john did this first :

sudo su - root

This will be logged, but then john is root, and never needed to know
the root password, and all further commands will not be logged using john. :-(

Read the man page for 'sudoers', and establish appropriate access 
for different groups and users, and only give 'su' access to trusted 
administrators. Remember any command run with sudo is run with root 
access, and anyone who can replace a file owned by root can replace 
your security measures.

If only trusted administrators should have access to 'mount' and 'su', 
then you can mount some filesystems read only and others with other 
options to reduce catastrophic mistakes. Another good idea is to use 
rsync to "backup/replicate" important information on a heavily secured
machine with limited access. We use rsync daily on a second ethernet 
interface on all our servers, then do backups of the "images" on a 
centralized backup server. Since the OS "template" is the same on 
all servers, only the differences need to be retrieved from all 
machines, reducing backup requirements. We also run tests on the 
"images" to ensure none of the machines have had programs replaced
with a modified version.

Who said 'The future is friendly' :-!
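One way to spot the gap described above in a sudo log, as an added example that is not part of the original thread: a POSIX shell function that scans sudo's syslog entries (a constructed sample is embedded) and reports every accepted command that hands the caller a root shell, which is exactly the point where per-user logging stops. The log line format, the host and user names, and the list of shell binaries are assumptions for the example.

```shell
#!/bin/sh
# Constructed sample of sudo syslog entries (not a real log). Each line is
# in the format sudo writes to auth.log / messages; the last one is a
# denied attempt, which sudo logs with a reason before the TTY field.
SAMPLE_LOG='Apr 20 20:40:01 srv1 sudo:     bill : TTY=pts/1 ; PWD=/home/bill ; USER=root ; COMMAND=/sbin/service httpd restart
Apr 20 20:41:10 srv1 sudo:     john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/bin/su - root
Apr 20 20:42:33 srv1 sudo:      sam : TTY=pts/2 ; PWD=/home/sam ; USER=root ; COMMAND=/bin/mount -o remount,ro /data
Apr 20 20:43:05 srv1 sudo:     bill : TTY=pts/1 ; PWD=/home/bill ; USER=root ; COMMAND=/bin/bash
Apr 20 20:44:50 srv1 sudo:     john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/usr/bin/vi /etc/sudoers
Apr 20 20:45:20 srv1 sudo:     john : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/sbin/shutdown -h now'

# Binaries that leave the caller in an interactive root session. Once one
# of these runs, later commands no longer appear in the sudo log under the
# user's name. Matched on the basename of the logged COMMAND (assumption).
SHELL_BINARIES='su|sh|bash|ksh|csh|tcsh|zsh|dash'

# find_shell_escapes: read sudo log lines on stdin and print
# "user<TAB>command" for each accepted command that spawns a root shell.
find_shell_escapes() {
    awk -v re="^(${SHELL_BINARIES})$" '
        / sudo: / {
            line = $0; sub(/^.* sudo: */, "", line)
            split(line, f, " ")
            # Accepted commands read "user : TTY=..."; denials carry a
            # reason ("user NOT in sudoers", "command not allowed") first.
            if (f[2] != ":" || f[3] !~ /^TTY=/) next
            cmd = line; sub(/^.*COMMAND=/, "", cmd)
            split(cmd, argv, " ")
            n = split(argv[1], path, "/")
            if (path[n] ~ re) print f[1] "\t" cmd
        }'
}

# Usage: report who obtained an unlogged root shell in the sample.
printf '%s\n' "$SAMPLE_LOG" | find_shell_escapes
```

On the sample this reports john's `su - root` and bill's `bash`; the mount, service and editor commands and the denied shutdown are left out.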
