Root access

jay ncsa-discussion@ncsysadmin.org
27 Feb 2003 17:57:05 -0500


On Thu, 2003-02-27 at 17:02, John Turner wrote:
> Also if anyone has references to online documents on why widespread
> root access is a bad thing that would be great.

I think you will find that in a *nix shop it is more common to just
hand it (or sudo) out to a trusted handful that would have to answer to
someone if things go wrong.  Otherwise, people move to a least privilege
approach or move outside a vanilla product release with access control
hooks.  You could probably snarf some information from RSBAC, RBAC, MAC,
LBAC pages, etc., though it might not all be focused on the evils and
pitfalls of having root.

HP Virtual Vault (really old idea but good marketing points)
http://www.hp.com/security/products/virtualvault/papers/datasheet_4.0/index.html

Rule Set Based Access Control
http://www.rsbac.org/why.htm

Role Based Access Control
http://www.itworld.com/nl/unix_sys_adm/06262002/pf_index.html
http://wwws.sun.com/software/whitepapers/wp-rbac/
http://wwws.sun.com/software/solaris/trustedsolaris/ds-ts8/index.html

HTH,
Jay

-- 
Jay Cuthrell, CTO
NeoNova Network Services, Inc.
http://www.neonova.net/
jay@neonova.net 919.460.3330