CO(tm) 4.2 File: mail.txt
philip@konark.ncst.ernet.in wrote
Which I also do not agree with.
{snip}
but then philip, what wud be the best thing to do in a situation where the root password is shared between a team of administrators. The objective of my suggestion was to implement detective controls for the root account. Is there any other way to do this?
Sure the best thing is not to share the root password, but i have seen a number of places where root passwords are shared so that if one administrator is not able to come in or is not reachable, another authorised person is available to manage the servers.
- Shankar
On Tue, 22 Oct 2002 shankar_ramchan@vsnl.net wrote:
but then philip, what wud be the best thing to do in a situation where the root password is shared between a team of administrators. The objective of my suggestion was to implement detective controls for the root account. Is there any other way to do this?
Please fix your line length.
I did not say don't su. They should still su. All I said is, don't prevent logging in as root.
If the admins log in as root, the problems are larger than just accountability.
Philip
-
Philip S Tellis -
shankar_ramchan@vsnl.net