[lug] recovering sudo w/o root

Michael Wegener mwegener at knowledgefactor.com
Thu Jan 15 02:23:30 MST 2004


I inherited an environment where discipline, continuity and consistency only
existed in the dictionary, which was also misplaced. The MO appears to have
been 1) Panic 2) Throw a fix 3) Maybe write it down somewhere 4) Panic...
And then there were the complicated personnel issues. I hadn't imagined the
level of slow torture I was getting myself into when I signed on here to
stabilize things. And this problem was just a frustrating annoyance.

BTW I did the standard root recovery from CD almost without a hitch.

--M

-----Original Message-----
From: lug-bounces at lug.boulder.co.us
[mailto:lug-bounces at lug.boulder.co.us]On Behalf Of Nate Duehr
Sent: Wednesday, January 14, 2004 5:09 PM
To: Boulder (Colorado) Linux Users Group -- General Mailing List
Subject: Re: [lug] recovering sudo w/o root


On Wednesday 14 January 2004 04:05 pm, Bear Giles wrote:

> If you trust your environment, tape the envelope to the inside of
> the case.  Slip the index card into the envelope.  Always
> available in a known place.

Heh... a better one was my friend who GPG-encrypted a text file with all
the critical system password info, then asked the company LAWYERS to store
it in THEIR safe on CD-R and had them sign a document that only the
CEO/COO could request it be removed.  (Except updates.)

Lawyers guard their document safes like a momma mountain lion with
kittens.  Wonderful idea he had there.  The psychological implications of
having to ask the company lawyers to get into their safe made a nice
deterrent.

A new one was put in every time the system passwords were changed, and the
old one shredded/destroyed.  The sealed envelope with the document that
had the GPG passphrase typed on it was stored somewhere completely
different... I forget now...

But it was convoluted enough that no one would attempt messing with
getting it unless all the admins were "run over by a bus"... which was
what it was there to cover for... heh.  Or I suppose if they wanted to
fire all of us at once, it would have come in handy.  ;-)

--
Nate Duehr, nate at natetech.com

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
