Root access
Iztok Umek
ncsa-discussion@ncsysadmin.org
Fri, 28 Feb 2003 08:09:40 -0500
> I am taking a quick survey as to who gets root access. I am only
> interested in places that have Unix admins, developers, DBAs. If people
> have dual roles then it doesn't apply.
Root access is/should be granted on the least privilege basis. Use sudo or
simmilar tools if needed for specific tasks.
A lot of the tasks can be done w/o root.
> Also if anyone has references to online documents on why wide spread
> root access is a bad thing that would be great.
It is called accountability. You need to know who did what. If everyone is
root, then you don't know what they did and who messed up. I.e. root can
sniff traffic on the net, install back doors, root kits etc... need I say
more?
Read about security on http://rr.sans.org/ and learn.