difference of opinion re: Sudo and security - 2 approaches

From: Manager (Manager_member_at_newsguy.com)
Date: 09/19/05

    Date: 18 Sep 2005 18:14:33 -0700
    
    

    Hello

    I am seeking advice from those very experienced with Suns, Unix, webservers,
    database servers, and setting up sudo in that kind of environment. My objective
    is to ensure security, accountability, auditability, and minimize the impact of
    human error.

    I have a difference of opinion between two operational IT groups (one is systems
    admin, the other is applications) regarding the best way to set up sudo.

    I have a contracted systems admin service (a couple of people) managing 4
    Solaris servers from a remote location normally (come in by VPN). They are
    responsible for the operating system and hardware only. They are contracted
    from a well established external company that has been around quite a while
    providing IT services and support, and facilities management, but are new service
    providers to us.

    I also have an in-house applications group (again a couple of people - with some
    additional contractors as needed). They are responsible for applications now,
    but in the past provided direction and/or direct support on the hardware and
    operating system for these systems.

    The machines run production and test for apache (public web), and internal
    application servers and databases (oracle, application servers like 9ias). Each
    of the application software packages has its own dedicated account, e.g. oracle,
    web, appservice1, etc.

    The applications group needs the ability to run a few things with higher
    privileges, e.g. need to be able to start and stop apache, and a number of other
    things, hence the need for sudo. In the past they have had the root password,
    and would su to root directly when higher privileges were required, and then
    back down to the relevant application account.

    The systems admin group wants the application group to log onto the machines
    (apps groups come in on the same subnet which is switched) using named accounts
    e.g. based on their personal id (e.g. jbrown), then sudo su to the application
    accounts as required. They have indicated that they wish the web
    account (which owns and runs apache out to the public) to be the only account
    that can sudo ALL under the concept of least privilege. They indicate that they
    are concerned about giving sudo ALL privilege to the personal accounts for the
    applications group in case that account is compromised.

    The applications group want to log onto the machines under their personal named
    account (e.g. jbrown), and have only those types of accounts given the
    privilege to sudo ALL, and have none of the generic application accounts like
    "web".

    In fact the applications group wants "everyone" to have to use sudo ALL from
    only their own named account (both them and the system admin group) so that all
    actions run with higher privileges are logged under sudo against the person who
    ran the command. In the event that a machine goes into single user mode and a
    root logon is required at the machine directly, root password would be in a
    sealed envelope, secured, but available onsite.

    Which of these ways to setup and implement sudo is best given the stated
    objectives (from senior management) of security, accountability, auditability,
    and minimizing the impact of human error?

    I am looking for frank responses on this from experienced people.

    Thanks in advance.
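
An added example, not part of the original post: a Python check over constructed sudo syslog lines that shows what each of the two setups leaves in the log for later attribution. The log lines, host name, command paths and the SHARED_ACCOUNTS and SHELLS sets are assumptions; only the account names (jbrown, web, oracle, appservice1) come from the post.

```python
import re

# Constructed sample lines in sudo's usual syslog layout (not real log data).
SAMPLE_LOG = """\
Sep 18 18:01:02 sun1 sudo:   jbrown : TTY=pts/1 ; PWD=/export/home/jbrown ; USER=root ; COMMAND=/usr/apache/bin/apachectl restart
Sep 18 18:03:10 sun1 sudo:   jbrown : TTY=pts/1 ; PWD=/export/home/jbrown ; USER=root ; COMMAND=/usr/bin/su - web
Sep 18 18:04:45 sun1 sudo:      web : TTY=pts/1 ; PWD=/export/home/web ; USER=root ; COMMAND=/usr/apache/bin/apachectl stop
Sep 18 18:09:30 sun1 sudo:   jbrown : TTY=pts/2 ; PWD=/tmp ; USER=oracle ; COMMAND=/usr/bin/ksh
"""

LINE_RE = re.compile(
    r"sudo:\s+(?P<who>\S+) : .*?USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)
# Assumption: generic application accounts, as named in the post.
SHARED_ACCOUNTS = {"web", "oracle", "appservice1"}
# Assumption: programs that hand over an interactive session; sudo records
# the launch of the shell, not the commands typed inside it.
SHELLS = {"su", "sh", "ksh", "csh", "bash"}


def classify(line):
    """Return (invoker, run-as user, command, verdict) or None if not a sudo line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    who, cmd = m["who"], m["cmd"].strip()
    prog = cmd.split()[0].rsplit("/", 1)[-1]
    if who in SHARED_ACCOUNTS:
        verdict = "unattributed"   # log names a shared account, not a person
    elif prog in SHELLS:
        verdict = "session-gap"    # person known, following commands not in sudo log
    else:
        verdict = "attributed"     # person and exact command both recorded
    return who, m["runas"], cmd, verdict


def audit(log_text):
    """Classify every sudo entry found in a block of syslog text."""
    return [r for r in map(classify, log_text.splitlines()) if r]


if __name__ == "__main__":
    for who, runas, cmd, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:13} {who:>7} -> {runas:<7} {cmd}")
```
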

