Date: Thu, 29 Dec 2011 11:34:39 -0500 From: mikel king <mikel.king@olivent.com> To: Irk Ed <irked7189@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: OT: Root access policy Message-ID: <1AD045F1-BBE7-492C-9F19-FB54F2741D5B@olivent.com> In-Reply-To: <CA%2BNe_iJfFK43CE%2BL2LHcqNSmv7AmRDYyAu4pXGFpd3QB%2By3p2w@mail.gmail.com> References: <CA%2BNe_iJfFK43CE%2BL2LHcqNSmv7AmRDYyAu4pXGFpd3QB%2By3p2w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Dec 29, 2011, at 4:01 AM, Irk Ed wrote: > For the first time, a customer is asking me for root access to said > customer's servers. >=20 > Obviously, I must comply. At the same time, I cannot continue be > accountable for those servers. >=20 > Is this that simple and clear cut? >=20 > Assuming that I'll be asked to continue administering said servers, I = guess > I should at least enable accounting... >=20 > I'd appreciate comments/experience/advice from the wise... Call me paranoid but is your contract near term end? In my experience this is usually a precursor to a end of year cost = cutting service provider change. Specifically someone in sales's second = cousin's nephew who saw a linux server once and thinks he's an expert. I recommend that you complete a backup of everything prior to granting = them sudo access. Possibly even run am md5sum against all important = config files and save that in your back up as well. Then give them well written explanation of why sudo is superior or at = least safer to direct root access. Regards, Mikel King BSD News Network http://bsdnews.net skype: mikel.king http://twitter.com/mikelking
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1AD045F1-BBE7-492C-9F19-FB54F2741D5B>