Re: [tlug] server installation best practices/ worksheet

[Stuart Luppescu <slu@example.com>]

On å, 2007-05-26 at 00:18 +0900, Patrick Kellaher wrote:
> Just my 2 cents about #3, what dis-allowing root log ons does is
> create 
> a fine grained audit trail.  What to know which sysad logged in at a 
> particular time and made that change that inadvertently killed
> something 
> else?  You will never know for sure if all the sysads log on with
> root.  
> su and sudo add entries into the logs so you know who was doing what
> and 
> when. 

I never liked sudo, so I set up separate accounts for all admins (e.g.,
rfred, rnaoko, etc.) and just change the uid to 0 for these accounts
in /etc/passwd. I think this provides me with accountability, and if I
see someone has logged in as actual ``root'', it sends up a red flag.
-- 
Stuart Luppescu -=-=- slu <AT> ccsr <DOT> uchicago <DOT> edu
CCSR at U of C ,.;-*^*-;.,  ccsr.uchicago.edu
     (^_^)/    ææãæåçãç
Thank God I'm an atheist!

Attachment: smime.p7s
Description: S/MIME cryptographic signature