Mailinglist Archive: opensuse-factory (883 mails)

< Previous Next >
Re: [opensuse-factory] Roles for security and convenience
On Fri, 2012-05-25 at 20:24 -0300, Claudio Freire wrote:
On Fri, May 25, 2012 at 8:07 PM, Hans Witvliet <suse@xxxxxxxxxxx> wrote:
b) in a large company specific roles are assigned to certain users,
Those users should only be troubled with their own pwd, and should never
have access to neither root-pwd nor root-privileges.

Dedicated accounts with their own pwd are a nightmare for an
organisation.

What do you mean with that? I can only parse that sentence to mean all
users should have the same password, which seems quite unlikely to be
what you meant as that's nonsense.

Perhaps mistaken, but i got the impression that privileges for
maintaining , for instance a printer, would be given to a dedicated
_user_ account (with its own pwd) instead of giving the privilege to a
group. Although it might lead to a working situation, if you need dozens
of accounts & pwd to do your job, the situation got worse instead of
better/safer.


And against gaining root privileges with sudo:
A work somebody implented it, and it ended up in a huge mess.
the person asked for it so he could start/stop apache and mysql and so
on. but some weeks later on whe found out that was doing totally other
things (changing network addresses, which caused a lot of trouble)
(Probably he implemented it the wrong way, but still it leaves a bitter
taste)

hw

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups