Re: PowerBroker
From: Michael Heiming (michael+USENET@www.heiming.de)
Date: 03/29/03
- Previous message: Jason Amato: "Re: PowerBroker"
- In reply to:(deleted message) Michael Vilain
- Next in thread: Jason Amato: "Re: PowerBroker"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Michael Heiming <michael+USENET@www.heiming.de> Date: Sat, 29 Mar 2003 14:27:12 +0100
"Michael wrote:
...
> Powerbroker would give systems people (about 10) the ability to do root
> things from their non-root accounts and leave an audit trail. The only
> time this wouldn't work is when the network connection is down to the
> Powerbroker server, then the safe is opened.
Sounds strange, what do these people do with systems on call, case the
"Powerbroker Server" fails?
What if a systems network connection breaks and you need to work from
terminal server, but arghh this shitty "Powerbroker Server" isn't
reachable and you can't login as root because you don't have the root
password.
Sorry, but this sounds very suspicious and I can't imagine how this should
work out in a 24/7 environment (without shift work). If some company
doesn't trust there own admins, well then they made a big mistake in
the first place, while recruiting.
> If you don't need this level of root auditing, sudo will do you just
> fine.
Sudo can log many things, if you like, but it doesn't allow "save" editing
of files, but mostly you only want to add/remove something from a file
which the user doesn't own, writing a short script has cleared those
problems for me, in the past.
-- Michael Heiming Remove +SIGNS and www. if you expect an answer, sorry for inconvenience, but I get tons of SPAM
- Previous message: Jason Amato: "Re: PowerBroker"
- In reply to:(deleted message) Michael Vilain
- Next in thread: Jason Amato: "Re: PowerBroker"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
