[lug] root password
Rob Nagler
nagler at bivio.biz
Wed Aug 2 12:17:17 MDT 2006
Bear Giles writes:
> root access, the "somebody reset the root password on a shared
> machine..." approach doesn't work well in practice.
This is our standard mode of operating. We don't use sudo. We've
never had a external or internal security problem.
sudo removes one level of password security, and introduces many more
passwords that have root access. It's less secure, but more
convenient.
If you have high turnover of people who have root access, slow down
the process of giving out the root password. We have a formal
ceremony giving people the root password(s). This happens when we're
very sure the person is going to stay, and s/he has the necessary
skills and attitude to handle root access.
Anybody who leaves our company is still under non-disclosure, and more
importantly, they have been vetted (after our three month period) to
not be someone who will go postal. This gives us breathing room on
changing the root password at our convenience. Yes, there may be the
rare situation where you need to change the root password immediately,
but then you will also need to change a lot of other passwords, too,
including verifying there are no hidden ssh authorized_key entries or
other trojan horses lying around.
Rob
More information about the LUG
mailing list