Re: privileged IDs and non-privileged IDs

From: Juha Laiho (Juha.Laiho@iki.fi)
Date: 07/16/02


From: Juha Laiho <Juha.Laiho@iki.fi>
Date: Tue, 16 Jul 2002 07:37:01 GMT

noname <noname@localdomain.com> said:
>but maybe I explain more a bit to make myself clearer.. actually this
>does not just apply to unix. my company now is very ``interested'' in
>security, and thus, wants us to differentiate IDs or usernames for admin
>purpose and non-admin (general use) purpose, and all admin operations
>must be audit-trailed.
>
>Our mgt wants us to use personalised privileged IDs (not root or
>administrator or sa or adm, etc) to admin servers. our non-privileged
>IDs will only be for everyday normal use, and that's it... so, to login
>to a NT, or unix, or Lotus notes, or any application system for normal
>use, we use our normal everyday ID with absolutely no admin powers, just
>like any users.. To administer the OS, or whatever application
>system, we should use our privileged user ID for that system. and my mgt
>asked a question I can't and don't know how to answer: "what is the
>industry convention for creating a privileged ID?"

I'd say that the convention is to use 'sudo', from the regular personal
account to the account with just the needed privileges, and preferably
with sudo set up to restrict the commands that can be run. The audit
trail will be in the sudo log.

If you want to have a long discussion with the management, try asking
how they suppose OS installations should be audited? Also, how to audit
what has been done when a system has been booted to single-user mode?

So, while minimising your everyday access and making your actions more
carefully logged (with sudo), try to also explain to the management that
there are times where complete audit is not possible, and at times an
administrator might need to do some unpredictable actions, so also a
complete root shell is needed -- and while that can be audited, it is
also possible for the root to immediately remove the audit trail, so
auditing that is more or less pointless.

-- 
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)


